Lucene search
K

102 matches found

nessus
nessus
added 2026/04/16 12:0 a.m.41 views

Node.js Module axios < 1.15.0 Multiple Vulnerabilities

The version of the axios Node.js module installed on the remote host is prior to 1.15.0. It is, therefore, affected by multiple vulnerabilities: - Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot...

9.9CVSS6.1AI score0.01815EPSS
Exploits6References4
veracode
veracode
added 2026/04/13 12:44 p.m.5 views

Server-Side Request Forgery (SSRF)

Axios is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper hostname normalization when evaluating NOPROXY rules, where crafted loopback addresses e.g., localhost. or ::1 bypass proxy exclusions and are routed through the proxy, allowing attackers to access...

9.9CVSS5.8AI score0.01161EPSS
Exploits1References44Affected Software1
susecve
susecve
added 2026/04/11 9:29 a.m.8 views

SUSE CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS5.7AI score0.01161EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/04/10 10:36 p.m.4 views

CVE-2025-62718

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NOPROXY rules. An attacker can exploit this by crafting requests to loopback addresses e.g., localhost. or ::1 which bypass the NOPROXY...

9.9CVSS5.7AI score0.01161EPSS
Exploits1References9
euvd
euvd
added 2026/04/09 5:32 p.m.10 views

EUVD-2025-209381

Axios has a NOPROXY Hostname Normalization Bypass Leads to SSRF...

9.3CVSS5.9AI score0.01161EPSS
Exploits1References7
osv
osv
added 2026/04/09 5:32 p.m.2 views

GHSA-3P68-RC4W-QGX5 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force...

6.3CVSS5.7AI score0.01161EPSS
Exploits1References11
github
github
added 2026/04/09 5:32 p.m.11 views

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force...

9.9CVSS5.7AI score0.01161EPSS
Exploits1References11Affected Software1
snyk
snyk
added 2026/04/09 4:14 p.m.3 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling reques...

9.9CVSS5.7AI score0.01161EPSS
Exploits1References2
osv
osv
added 2026/04/09 3:16 p.m.2 views

DEBIAN-CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS5.3AI score0.01161EPSS
Exploits1References1
nvd
nvd
added 2026/04/09 3:16 p.m.2 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS0.01161EPSS
Exploits1References42
osv
osv
added 2026/04/09 3:16 p.m.6 views

UBUNTU-CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS6.2AI score0.01161EPSS
Exploits1References8
cvelist
cvelist
added 2026/04/09 2:31 p.m.25 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

6.3CVSS0.01161EPSS
Exploits1References9
vulnrichment
vulnrichment
added 2026/04/09 2:31 p.m.2 views

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

6.3CVSS5.7AI score0.01161EPSS
Exploits1References9
attackerkb
attackerkb
added 2026/04/09 2:31 p.m.4 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go through the...

9.3CVSS5.8AI score0.01161EPSS
Exploits1References7Affected Software1
debiancve
debiancve
added 2026/04/09 2:31 p.m.3 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...

9.9CVSS5.3AI score0.01161EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/04/09 12:0 a.m.5 views

PT-2026-31616

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.0 Axios versions prior to 1.15.0 Description Axios does not correctly handle hostname normalization when checking NO PROXY rules. Because the software performs a literal string comparison instead of normalizing...

9.9CVSS7.1AI score0.01161EPSS
Exploits1References354
nessus
nessus
added 2026/03/13 12:0 a.m.7 views

SAP NetWeaver AS Java Multiple Vulnerabilities (3700960)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a affected by a multiple vulnerabilities as disclosed in the SAP Security Patch Day March 2026: - An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...

7.5CVSS6.9AI score0.02016EPSS
Exploits0References3
nessus
nessus
added 2026/02/10 12:0 a.m.3 views

Siemens S7-1500 and SCALANCE Out-of-bounds Read (CVE-2025-9232)

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out- of-bounds read can trigger a crash...

5.9CVSS6.8AI score0.02016EPSS
Exploits0References4
astralinux
astralinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: An application that uses the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the ‘noproxy’ environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can cause a crash,...

5.9CVSS6.8AI score0.02016EPSS
Exploits0References3
nessus
nessus
added 2025/12/18 12:0 a.m.9 views

openSUSE 16 Security Update : openssl-3 (openSUSE-SU-2025:20164-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20164-1 advisory. - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm...

7.5CVSS7AI score0.02234EPSS
Exploits0References9
Rows per page
Query Builder