Lucene search
K

4 matches found

CVE
CVE
added 2026/05/06 9:0 p.m.24 views

CVE-2026-41484

The CVE concerns OpenTelemetry.Exporter.OneCollector for .NET. In versions ≤1.15.0, HttpJsonPostTransport reads the full response body on non-200 HTTP responses, enabling a potential denial-of-service via unbounded memory allocation if the back-end endpoint or an interceptor returns an arbitraril...

5.9CVSS5.8AI score0.00338EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:59 p.m.6 views

CVE-2026-42034

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...

5.3CVSS5.3AI score0.00327EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 5:54 p.m.6 views

CVE-2026-42043 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...

7.2CVSS5.3AI score0.00661EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.9 views

PT-2026-35042

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 Description An issue exists where the software reads keys from Object.prototype without a hasOwnProperty guard. If a co-dependency pollutes the Object.prototype, an attacker can...

7.4CVSS5.8AI score0.00838EPSS
Exploits1References253
Rows per page
Query Builder