58 matches found
CVE-2026-42033 Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...
CVE-2026-42033
CVE-2026-42033 affects Axios, a promise-based HTTP client. Before versions 1.15.1 and 0.31.1, if Object.prototype is polluted by another dependency without a hasOwnProperty guard, an attacker could silently intercept/modify every JSON response or hijack the underlying HTTP transport to access cre...
CVE-2025-31958
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
EUVD-2012-1595
Malware in sbrugna...
The vulnerability of the GNOME graphical interface library libsoup allows a attacker to perform a “HTTP request hijacking” attack.
The vulnerability of the GNOME graphical interface’s libsoup library is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...
The vulnerability of the aiohttp HTTP client, related to deficiencies in handling HTTP request headers, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the aiohttp HTTP client is related to deficiencies in the handling of HTTP request headers. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...
The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.
The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...
The vulnerability of the Apache Traffic Server web server arises from insufficient validation of input data, allowing attackers to carry out “HTTP request hijacking” attacks.
The vulnerability of the Apache Traffic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack remotely...
The vulnerability of the Apache Traffic Server web server arises from insufficient validation of input data, allowing attackers to carry out “HTTP request hijacking” attacks.
The vulnerability of the Apache Traffic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack remotely...
The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.
The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...
The vulnerability of the server software HAProxy, related to the rerouting of empty Content-Length headers, allows a hacker to perform a “HTTP request hijacking” attack.
The vulnerability of the server software HAProxy relates to the rerouting of empty headers called Content-Length. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to perform an “HTTP request hijacking” attack...
The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out a “HTTP request hijacking” attack.
The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...
Mozilla: Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports
Vulnerability description not provided...
The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing, allowing attackers to carry out a “HTTP request hijacking” attack.
The vulnerability of the modproxyuwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
The vulnerability of the server software HAProxy, related to deficiencies in HTTP request processing, allows attackers to carry out the “HTTP request hijacking” attack.
The vulnerability of the server-side software HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out a “HTTP request hijacking” attack.
The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...
The vulnerability of the microprogrammed network interface devices of Advanced Secure Gateway (ASG) and ProxySG, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the Advanced Secure Gateway ASG and ProxySG’s microprogramming software lies in the shortcomings of their HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...
Multiple IBM Rational Products Information Disclosure Vulnerabilities (CNVD-2018-23242)
IBM Rational Collaborative Lifecycle Management CLM is a set of collaborative lifecycle management solutions.Rational Quality Manager RQM is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...