Lucene search
+L

366 matches found

nvd
nvd
added 2026/06/17 8:16 p.m.11 views

CVE-2026-10741

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS0.0026EPSS
Exploits0References2
euvd
euvd
added 2026/06/17 7:1 p.m.12 views

EUVD-2026-37783

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References2
osv
osv
added 2026/06/17 8:57 a.m.5 views

SUSE-SU-2026:22146-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. - CVE-2026-6276: stale custom...

7.5CVSS5.8AI score0.00639EPSS
Exploits5References11
osv
osv
added 2026/06/17 8:47 a.m.2 views

OPENSUSE-SU-2026:20973-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. - CVE-2026-6276: stale custom...

7.5CVSS5.8AI score0.00639EPSS
Exploits5References10
osv
osv
added 2026/06/15 8:37 p.m.14 views

GHSA-PW6J-QG29-8W7F Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...

5.9CVSS5.4AI score
Exploits0References2
github
github
added 2026/06/15 8:37 p.m.17 views

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...

5.4AI score
Exploits0References2Affected Software1
veracode
veracode
added 2026/06/15 8:8 a.m.10 views

Information Exposure

Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...

8.2CVSS5.3AI score0.00664EPSS
Exploits1References36Affected Software1
redhatcve
redhatcve
added 2026/06/12 1:9 a.m.15 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

8.2CVSS5.1AI score0.00664EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/06/12 1:9 a.m.12 views

CVE-2026-44486

A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can...

7.5CVSS5.1AI score0.00532EPSS
Exploits1References4
nessus
nessus
added 2026/06/12 12:0 a.m.33 views

Linux Distros Unpatched Vulnerability : CVE-2026-44486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios' Node.js HTTP adapter can leak proxy credentials to a redire...

7.5CVSS6.1AI score0.00532EPSS
Exploits1References3
nessus
nessus
added 2026/06/12 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-44487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward a Proxy-Authorization...

8.2CVSS5.9AI score0.00664EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/06/11 11:14 p.m.13 views

CVE-2026-44489

A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype pollution vulnerability, which occurs when nested objects are created without proper checks, allowing an attacker to inject malicious properties into Object.prototype. This vulnerability specifical...

5.3CVSS5.1AI score0.00228EPSS
Exploits1References4
osv
osv
added 2026/06/11 5:16 p.m.5 views

DEBIAN-CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.3AI score0.00532EPSS
Exploits1References1
osv
osv
added 2026/06/11 5:16 p.m.7 views

UBUNTU-CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.3AI score0.00532EPSS
Exploits1References3
debiancve
debiancve
added 2026/06/11 3:39 p.m.10 views

CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.3AI score0.00532EPSS
Exploits1
euvd
euvd
added 2026/06/11 3:39 p.m.11 views

EUVD-2026-36263

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.5AI score0.00532EPSS
Exploits1References1
cve
cve
added 2026/06/11 3:39 p.m.42 views

CVE-2026-44486

Axios (Node.js) prior to 0.32.0 and 1.16.0 is vulnerable to leaking Proxy-Authorization credentials to a redirect target when using an authenticated proxy and automatic redirects. If a request uses a proxy and follows a redirect that switches to a direct connection, a stale Proxy-Authorization he...

7.5CVSS5.5AI score0.00532EPSS
Exploits1References29Affected Software1
osv
osv
added 2026/06/11 3:39 p.m.3 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.9AI score0.00532EPSS
Exploits1References27
euvd
euvd
added 2026/06/11 3:38 p.m.9 views

EUVD-2026-36262

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS5.5AI score0.00664EPSS
Exploits1References1
cve
cve
added 2026/06/11 3:30 p.m.102 views

CVE-2026-44489

Axios version range 1.15.2–1.15.x is vulnerable to a header injection via the Proxy-Authorization header. The root cause is that nested objects created by utils.merge() (e.g., config.proxy) retain plain {} with Object.prototype in their chain, and setProxy() in lib/adapters/http.js (lines ~209–22...

5.3CVSS5.5AI score0.00228EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder