Lucene search
K

5 matches found

CVE
CVE
added 2026/06/16 10:29 p.m.18 views

CVE-2026-48788

CVE-2026-48788 affects Remark42 (versions 1.6.0–1.15.0). The known issue is a content-type spoofing-based XSS in the image proxy: during download the proxy checks Content-Type headers to decide if a resource is an image, but the serving phase sniffing can differ, leading to a mismatch that lets H...

8.2CVSS7.8AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 3:32 p.m.10 views

EUVD-2026-36257

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.4AI score0.01041EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:32 p.m.10 views

CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.4AI score0.01041EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 3:32 p.m.167 views

CVE-2026-44494

Axios

8.7CVSS5.4AI score0.01041EPSS
Exploits1References31Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 8:44 p.m.4 views

CVE-2026-25628 Qdrant affected by arbitrary file write via `/logger` endpoint

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...

8.5CVSS5.5AI score0.0049EPSS
Exploits1References3
Rows per page
Query Builder