6 matches found

EUVD
added 2026/04/10 7:47 p.m. | 9 views

EUVD-2026-21573

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain...

CVSS 10 | AI score 5.8 | EPSS 0.01815
Exploits: 5 | References: 4
Vulnrichment
added 2026/04/10 7:23 p.m. | 6 views

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 4.8 | AI score 6.8 | EPSS 0.01815
Exploits: 5 | References: 7
CVE
added 2026/04/10 7:23 p.m. | 820 views

CVE-2026-40175

CVE-2026-40175 affects the Axios HTTP client (browser/Node.js). The root cause is prototype pollution in a third‑party dependency, which could allow injection of unsanitized header values into outbound requests. This is fixed in Axios releases 1.15.0 and 0.3.1. If you use Axios prior to those ver...

CVSS 9 | AI score 6.8 | EPSS 0.01815
Exploits: 5 | References: 43 | Affected Software: 1
Snyk
added 2026/03/27 11:24 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the /api/addPackage endpoint. An attacker can access internal network services and exfiltrate sensitive cloud metadata b...

CVSS 9.6 | AI score 6 | EPSS 0.00397
Exploits: 1 | References: 2
OSV
added 2026/03/27 6:0 p.m. | 2 views

GHSA-M74M-F7CR-432X pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary: PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

CVSS 9.3 | AI score 6.1 | EPSS 0.00397
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/24 12:0 a.m. | 4 views

PT-2026-27456

Name of the Vulnerable Software and Affected Versions: LoLLMs WEBUI (affected versions not specified). Description: LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery (SSRF) issue. An unauthenticated attacker can exploit this t...

CVSS 9.1 | AI score 5.9 | EPSS 0.21629
Exploits: 3 | References: 8