727 matches found
EUVD-2026-29155
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
ALPINE-CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893
CVE-2026-4893 is an information-disclosure vulnerability in dnsmasq. A crafted DNS packet containing RFC 7871 client-subnet information allows remote attackers to bypass source checks. Affected component: dnsmasq’s DNS handling. Underlying impact per sources is information disclosure; exploitatio...
CVE-2026-4893 CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893 CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
UBUNTU-CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...
PT-2026-39701
Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description An information disclosure issue allows remote attackers to bypass source checks by using a crafted DNS packet containing RFC 7871 client subnet information. Recommendations At the moment, the...
Node.js Module axios < 1.15.1 Multiple Vulnerabilities
The version of the axios Node.js module installed on the remote host is prior to 1.15.1. It is, therefore, affected by multiple vulnerabilities: - Prototype pollution gadgets in axios allow response tampering, data exfiltration, and request hijacking. CVE-2026-42033 - Axios' HTTP adapter-streamed...
NPM: Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
NPM: Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0 vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
Executive Summary This report documents an incomplete security patch for the previously disclosed vulnerability GHSA-3p68-rc4w-qgx5 CVE-2025-62718, which affects the NOPROXY hostname resolution logic in the Axios HTTP library. Background — The Original Vulnerability The original vulnerability...
CLSA-2026-1776960429 busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
CVE-2026-42043
Axios: CVE-2026-42043 affects Axios versions prior to 1.15.1 and 0.31.1, where an attacker controlling the request URL could bypass NO_PROXY by using loopback 127.0.0.0/8 addresses (except 127.0.0.1). Root cause is an incomplete fix for CVE-2025-62718. Impact is potential exposure via proxy/SSRF ...
CVE-2026-42043 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...
CLSA-2026-1776959688 busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
Unity Linux 20.1070e Security Update: unbound (UTSA-2026-007096)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007096 advisory. A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also...