Lucene search
K

58 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 5:36 p.m.5 views

CVE-2026-42033 Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...

7.4CVSS5.3AI score0.00808EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 5:36 p.m.68 views

CVE-2026-42033

CVE-2026-42033 affects Axios, a promise-based HTTP client. Before versions 1.15.1 and 0.31.1, if Object.prototype is polluted by another dependency without a hasOwnProperty guard, an attacker could silently intercept/modify every JSON response or hijack the underlying HTTP transport to access cre...

7.4CVSS5.4AI score0.00808EPSS
Exploits1References41Affected Software1
NVD
NVD
added 2026/04/21 3:16 p.m.7 views

CVE-2025-31958

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

8.2CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 1:59 p.m.5 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-1595

Malware in sbrugna...

6.8CVSS6.1AI score0.01315EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.6 views

The vulnerability of the GNOME graphical interface library libsoup allows a attacker to perform a “HTTP request hijacking” attack.

The vulnerability of the GNOME graphical interface’s libsoup library is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.8CVSS7.2AI score0.00793EPSS
Exploits1References19Affected Software9
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.5 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling HTTP request headers, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in the handling of HTTP request headers. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...

7.8CVSS7AI score0.00576EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/08/19 12:0 a.m.6 views

The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.

The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...

7.8CVSS7.1AI score0.00738EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the Apache Traffic Server web server arises from insufficient validation of input data, allowing attackers to carry out “HTTP request hijacking” attacks.

The vulnerability of the Apache Traffic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack remotely...

9CVSS7.1AI score0.0097EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.9 views

The vulnerability of the Apache Traffic Server web server arises from insufficient validation of input data, allowing attackers to carry out “HTTP request hijacking” attacks.

The vulnerability of the Apache Traffic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack remotely...

9CVSS7.1AI score0.00987EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/07 12:0 a.m.6 views

The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.

The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...

7.8CVSS7.2AI score0.02996EPSS
Exploits0References11Affected Software13
BDU FSTEC
BDU FSTEC
added 2024/04/01 12:0 a.m.8 views

The vulnerability of the server software HAProxy, related to the rerouting of empty Content-Length headers, allows a hacker to perform a “HTTP request hijacking” attack.

The vulnerability of the server software HAProxy relates to the rerouting of empty headers called Content-Length. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

7.2CVSS7.1AI score0.01815EPSS
Exploits1References13Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.13 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to perform an “HTTP request hijacking” attack...

6.5CVSS6.5AI score0.01029EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/08/24 12:0 a.m.7 views

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out a “HTTP request hijacking” attack.

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.8CVSS7AI score0.03906EPSS
Exploits1References7Affected Software3
Hacker One
Hacker One
added 2023/06/07 8:5 a.m.16 views

Mozilla: Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports

Vulnerability description not provided...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/04/13 12:0 a.m.9 views

The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing, allowing attackers to carry out a “HTTP request hijacking” attack.

The vulnerability of the modproxyuwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

9CVSS7.2AI score0.02134EPSS
Exploits0References16Affected Software18
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.9 views

The vulnerability of the server software HAProxy, related to deficiencies in HTTP request processing, allows attackers to carry out the “HTTP request hijacking” attack.

The vulnerability of the server-side software HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

7.8CVSS7.4AI score0.05493EPSS
Exploits0References18Affected Software12
BDU FSTEC
BDU FSTEC
added 2022/07/15 12:0 a.m.6 views

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out a “HTTP request hijacking” attack.

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.5CVSS6.7AI score0.81464EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.14 views

The vulnerability of the microprogrammed network interface devices of Advanced Secure Gateway (ASG) and ProxySG, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the Advanced Secure Gateway ASG and ProxySG’s microprogramming software lies in the shortcomings of their HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...

9.4CVSS7.9AI score0.01525EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2018/07/10 12:0 a.m.5 views

Multiple IBM Rational Products Information Disclosure Vulnerabilities (CNVD-2018-23242)

IBM Rational Collaborative Lifecycle Management CLM is a set of collaborative lifecycle management solutions.Rational Quality Manager RQM is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...

4.3CVSS6.1AI score0.00897EPSS
Exploits0References1
Rows per page
Query Builder