Lucene search
+L

4 matches found

OSV
OSV
added 2026/06/11 5:16 p.m.9 views

UBUNTU-CVE-2026-44495

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.3AI score0.00495EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 3:33 p.m.56 views

CVE-2026-44495 Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS0.00495EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 12:21 a.m.5 views

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 4:52 p.m.21 views

CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS0.00356EPSS
Exploits0References3
Rows per page
Query Builder