4641 matches found

Github Security Blog
added 2026/01/15 8:12 p.m., 9 views

solspace/craft-freeform Has a DoS Vulnerability

Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...

CVSS 7.5 | AI score 6.1 | EPSS 0.01099
Exploits: 1 | References: 8 | Affected software: 1

IBM Security Bulletins
added 2026/01/15 6:50 p.m., 6 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service (CVE-2025-58754)

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

CVSS 7.5 | AI score 8.4 | EPSS 0.01099
Exploits: 1 | Affected software: 1

Positive Technologies
added 2026/01/15 12:00 a.m., 6 views

PT-2026-4737

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

AI score 5.9
Exploits: 0 | References: 3

Veracode
added 2026/01/13 7:56 a.m., 8 views

Authorization Bypass

Axios Cache Interceptor is vulnerable to an Authorization Bypass. The vulnerability is due to improper cache key generation, where cached responses are keyed only by URL and ignore the Authorization header and Vary: Authorization, causing responses generated for one user’s auth token to be reused...

CVSS 6.5 | AI score 7 | EPSS 0.00272
Exploits: 1 | References: 2 | Affected software: 1

Snyk
added 2026/01/07 10:55 p.m., 2 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...

CVSS 8.2 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/01/02 6:10 p.m., 5 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios

Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential denial of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...

CVSS 7.5 | AI score 6.7 | EPSS 0.01099
Exploits: 1 | Affected software: 1

OSV
added 2025/12/30 3:37 p.m., 5 views

GHSA-X4M5-4CW8-VC44 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Summary When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...

CVSS 6 | AI score 6.9 | EPSS 0.00272
Exploits: 1 | References: 4

Github Security Blog
added 2025/12/30 3:37 p.m., 8 views

axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Summary When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...

CVSS 6.5 | AI score 7 | EPSS 0.00272
Exploits: 1 | References: 4 | Affected software: 1

vulnersOsv
added 2025/12/30 3:37 p.m., 6 views

@0xecho/button (>=0.0.1 <=0.0.17), @anguyenguy/frontend-platform (>=1.0.1 <=1.0.2) +68 more potentially affected by CVE-2025-69202 via axios-cache-interceptor (>=0.10.7 <=1.0.0)

axios-cache-interceptor NPM version =0.10.7, =0.0.1, =1.0.1, =0.4.0, =0.0.1, =5.0.2-alpha.1-nelp.1, =0.1.0-testing, =3.3.0-alpha.1, =1.1.0, =1.0.0, =1.0.0-semantically-released, =11.7.0, =4.8.1, =5.5.0 and more Source cves: CVE-2025-69202 Source advisory: OSV:GHSA-X4M5-4CW8-VC44...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272
Exploits: 1

Snyk
added 2025/12/29 7:43 p.m., 3 views

Cache Poisoning

Overview axios-cache-interceptor is a Cache interceptor for axios Affected versions of this package are vulnerable to Cache Poisoning by ignoring the Vary HTTP header. An attacker can access unauthorized cached responses to obtain sensitive user data by sending requests with multiple different...

CVSS 7.1 | AI score 6.6 | EPSS 0.00272
Exploits: 1 | References: 3

vulnersOsv
added 2025/12/29 7:43 p.m., 6 views

@tutkli/jikan-ts (>=0.6.1 <=0.6.3) potentially affected by CVE-2025-69202 via axios-cache-interceptor (=1.0.0)

axios-cache-interceptor NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios-cache-interceptor and may be impacted: - @tutkli/jikan-ts =0.6.1, =0.6.3 Source cves: CVE-2025-69202 Source advisory: SNYK:JS-AXIOSCACHEINTERCEPTOR-1472426...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272
Exploits: 1

Vulnrichment
added 2025/12/29 7:13 p.m., 1 view

CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...

CVSS 6 | AI score 6.3 | EPSS 0.00272
Exploits: 1 | References: 2

CVE
added 2025/12/29 7:13 p.m., 11 views

CVE-2025-69202

The CVE describes a cache poisoning vulnerability in axios-cache-interceptor prior to v1.11.1: the cache key is generated from the URL only, ignoring request headers like Authorization. When upstream responses include Vary: Authorization, this leads to identical cached responses being served for ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00272
Exploits: 1 | References: 2 | Affected software: 1

OSV
added 2025/12/29 7:13 p.m., 4 views

CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...

CVSS 6 | AI score 6.6 | EPSS 0.00272
Exploits: 1 | References: 4

IBM Security Bulletins
added 2025/12/29 3:29 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754.

Summary IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client fo...

CVSS 7.5 | AI score 6.1 | EPSS 0.01099
Exploits: 1 | Affected software: 1

CNNVD
added 2025/12/29 12:00 a.m., 3 views

Axios Cache Interceptor Security Vulnerability

Axios Cache Interceptor is a cache interceptor by the individual developer Arthur Fiorette. A security vulnerability exists in Axios Cache Interceptor versions prior to 1.11.1, which stems from cache key generation ignoring the authorization header, which could lead to authorization bypass...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/29 12:00 a.m., 8 views

PT-2025-53783

Name of the Vulnerable Software and Affected Versions Axios Cache Interceptor versions prior to 1.11.1 Description Axios Cache Interceptor, a cache interceptor for axios, improperly handles responses with the Vary: Authorization header. Prior to version 1.11.1, the cache key was generated solely...

CVSS 6.5 | AI score 6.6 | EPSS 0.00272
Exploits: 1 | References: 7

IBM Security Bulletins
added 2025/12/23 2:49 p.m., 4 views

Security Bulletin: Multiple open source vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data

Summary Multiple open source vulnerabilities affect IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header...

CVSS 7.5 | AI score 7.9 | EPSS 0.01414
Exploits: 3 | Affected software: 1

Atlassian
added 2025/12/12 7:27 a.m., 15 views

SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of...

CVSS 8.7 | AI score 7 | EPSS 0.00759
Exploits: 1

Tenable Nessus
added 2025/12/10 12:00 a.m., 10 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 9.1 | AI score 7.5 | EPSS 0.1914
Exploits: 11 | References: 14