3 matches found
UBUNTU-CVE-2026-44495
Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...
CVE-2026-44495 Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...
CVE-2025-66557
Affected software: Nextcloud Deck plugin/app. Vulnerability: A bug in the permission logic allowed users with the "Can share" permission to modify the permissions of other recipients (non-owners). Versions impacted: Pre-1.14.6 and pre-1.15.2. Impact (as stated): Users could alter recipient permis...