45 matches found
CVE-2026-5513
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-44496
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service DoS, where the affected browser tab may...
Linux Distros Unpatched Vulnerability : CVE-2026-44496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular...
DEBIAN-CVE-2026-44496
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
CVE-2026-44496
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
UBUNTU-CVE-2026-44496
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
EUVD-2026-36259
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
CVE-2026-44496
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
CVE-2026-44496
CVE-2026-44496 affects Axios in browser environments where Axios reads document.cookie. Versions before 0.32.0 (0.x branch) and before 1.16.0 (1.x branch) build a regex from the configured XSRF cookie name without escaping regex metacharacters, enabling expensive regex backtracking and potential ...
Axios 资源管理错误漏洞
Axios is an open-source HTTP client developed by Axios, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 have a resource management vulnerability. This vulnerability arises from failing to escape regular expression characters when constructing...
Regular Expression Denial of Service (ReDoS)
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated into a regular...
GHSA-HFXV-24RG-XRQF Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...
Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated...
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
CVE-2026-43969
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
EUVD-2026-20499
Hono: Non-breaking space prefix bypass in cookie name handling in getCookie...
Hono missing validation of cookie name on write path in setCookie()
Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...