CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1445 matches found

Cvelist•added 2026/04/09 9:34 p.m.•20 views

CVE-2026-33774 Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are not in effect

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platform...

6.9CVSS0.00183EPSS

Exploits0References1

ATTACKERKB•added 2026/04/09 9:34 p.m.•3 views

CVE-2026-33774

6.9CVSS5.9AI score0.00183EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/09 9:34 p.m.•2 views

CVE-2026-33774 Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are not in effect

6.9CVSS5.8AI score0.00183EPSS

Exploits0References1

CVE•added 2026/04/09 9:27 p.m.•11 views

CVE-2026-35634

OpenClaw Canvas Gateway is affected by an authentication bypass in versions before 2026.3.23. The issue stems from authorizeCanvasRequest() unconditionally allowing local-direct requests without validating bearer tokens or canvas capabilities, enabling unauthenticated loopback HTTP and WebSocket ...

5.1CVSS5.9AI score0.00141EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/09 9:27 p.m.•1 views

CVE-2026-35634 OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

5.1CVSS5.8AI score0.00141EPSS

Exploits0References4

ATTACKERKB•added 2026/04/09 9:27 p.m.•2 views

CVE-2026-35634

5.1CVSS5.9AI score0.00141EPSS

Exploits0References5

EUVD•added 2026/04/09 5:32 p.m.•5 views

EUVD-2025-209381

Axios has a NOPROXY Hostname Normalization Bypass Leads to SSRF...

9.3CVSS5.9AI score0.01075EPSS

Exploits1References7

OSV•added 2026/04/09 5:32 p.m.•1 views

GHSA-3P68-RC4W-QGX5 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force...

6.3CVSS5.7AI score0.01075EPSS

Exploits1References11

Github Security Blog•added 2026/04/09 5:32 p.m.•9 views

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

9.9CVSS5.7AI score0.01075EPSS

Exploits1References11Affected Software1

Snyk•added 2026/04/09 4:14 p.m.•2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling reques...

9.9CVSS5.7AI score0.01075EPSS

Exploits1References2

NVD•added 2026/04/09 3:16 p.m.•1 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS0.01075EPSS

Exploits1References9

OSV•added 2026/04/09 3:16 p.m.•1 views

DEBIAN-CVE-2025-62718

9.9CVSS5.3AI score0.01075EPSS

Exploits1References1

UbuntuCve•added 2026/04/09 3:16 p.m.•1 views

CVE-2025-62718

9.9CVSS6.2AI score0.01075EPSS

Exploits1References7

OSV•added 2026/04/09 3:16 p.m.•3 views

UBUNTU-CVE-2025-62718

9.9CVSS6.2AI score0.01075EPSS

Exploits1References8

Cvelist•added 2026/04/09 2:31 p.m.•19 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

6.3CVSS0.01075EPSS

Exploits1References9

Vulnrichment•added 2026/04/09 2:31 p.m.•1 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

6.3CVSS5.7AI score0.01075EPSS

Exploits1References9

ATTACKERKB•added 2026/04/09 2:31 p.m.•3 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go through the...

9.3CVSS5.8AI score0.01075EPSS

Exploits1References7Affected Software1

CVE•added 2026/04/09 2:31 p.m.•603 views

CVE-2025-62718

Axios prior to 1.15.0 has a hostname normalization flaw when evaluating NO_PROXY rules. Requests to loopback addresses (e.g., localhost with a trailing dot or IPv6 [::1]) can bypass NO_PROXY and be routed through the configured proxy. This bypass enables potential proxy circumvention and SSRF aga...

9.9CVSS5.7AI score0.01075EPSS

Exploits1References9Affected Software1

Debian CVE•added 2026/04/09 2:31 p.m.•2 views

CVE-2025-62718

9.9CVSS5.3AI score0.01075EPSS

Exploits1

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31769

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.23 Description OpenClaw contains an authentication bypass in the Canvas gateway. The authorizeCanvasRequest function unconditionally allows local-direct requests without validating bearer tokens or canvas...

5.1CVSS5.8AI score0.00141EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by