Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedHat Linux
RedHat Linuxadded 2026/05/04 11:37 p.m.4 views

axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NOPROXY rules. An attacker can exploit this by crafting requests to loopback addresses e.g., localhost. or ::1 which bypass the NOPROXY...

9.9CVSS6.2AI score0.00069EPSS
Exploits1References10
SUSE CVE
SUSE CVEadded 2026/04/11 9:29 a.m.4 views

SUSE CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS5.7AI score0.00069EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/09 5:32 p.m.3 views

EUVD-2025-209381

Axios has a NOPROXY Hostname Normalization Bypass Leads to SSRF...

9.3CVSS5.9AI score0.00069EPSS
Exploits1References7
Rows per page
Query Builder