Lucene search
K

453 matches found

RedhatCVE
RedhatCVE
added 2026/05/05 11:17 a.m.12 views

CVE-2026-42039

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References4
OSV
OSV
added 2026/05/05 12:34 a.m.5 views

GHSA-62HF-57XW-28J9 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Summary toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. Details lib/helpers/toFormData.js:210 defines an inner buildvalue, path that recurses into every object/array child line 225:...

7.5CVSS5.9AI score0.00744EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/05 12:34 a.m.16 views

EUVD-2026-25605

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/30 9:54 a.m.9 views

Uncontrolled Recursion

Axios is vulnerable to uncontrolled recursion. The vulnerability is due to the toFormData function recursively processing deeply nested objects without a depth limit, which allows an attacker to supply specially crafted input that triggers a stack overflow and crashes the Node.js process...

7.5CVSS5.3AI score0.00744EPSS
Exploits1References43Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, s...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.8 views

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:1596-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1596-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncati...

7.5CVSS5.6AI score0.0051EPSS
Exploits0References19
Snyk
Snyk
added 2026/04/24 7:18 p.m.6 views

Uncontrolled Recursion

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion through the toFormData recursive serializer in lib/helpers/toFormData.js. An attacker can crash a process by supplying a deeply nested object as...

8.7CVSS5.5AI score0.00744EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/24 6:1 p.m.34 views

CVE-2026-42039 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

6.9CVSS0.00744EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 6:1 p.m.62 views

CVE-2026-42039

CVE-2026-42039 affects Axios’ toFormData function, where passing deeply nested request data can trigger unbounded recursion and crash the Node.js process with a RangeError. Affected versions are before 1.15.1 and 0.31.1; remediation is to upgrade to 1.15.1 or 0.31.1. The vulnerability impacts Axi...

7.5CVSS5.3AI score0.00744EPSS
Exploits1References41Affected Software1
Snyk
Snyk
added 2026/04/22 8:23 p.m.8 views

Uncontrolled Recursion

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...

8.7CVSS5.5AI score0.00643EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:23 p.m.17 views

Uncontrolled Recursion

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...

8.7CVSS5.4AI score0.00643EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 8:23 p.m.8 views

Uncontrolled Recursion

Overview org.webjars.npm:xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related...

8.7CVSS5.4AI score0.00643EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 11:41 a.m.9 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/21 11:21 a.m.6 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/21 10:18 a.m.7 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/20 7:23 p.m.7 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/17 11:5 p.m.4 views

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References12
CVE
CVE
added 2026/04/17 11:5 p.m.13 views

CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/04/16 10:22 p.m.8 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/16 9:15 p.m.6 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
Rows per page
Query Builder