5 matches found

OSV
added 2026/06/11 5:16 p.m. | 4 views

DEBIAN-CVE-2026-44490

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process, e.g. lodash _.merge / CVE-2018-16487, axios silently picks up the...

CVSS 8.2 | AI score 5.3 | EPSS 0.00287
Exploits: 1 | References: 1

OSV
added 2026/06/11 5:16 p.m. | 5 views

DEBIAN-CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

CVSS 7.5 | AI score 5.3 | EPSS 0.00645
Exploits: 1 | References: 1

OSV
added 2026/06/11 5:16 p.m. | 4 views

UBUNTU-CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

CVSS 7.5 | AI score 5.4 | EPSS 0.00645
Exploits: 1 | References: 3

Cvelist
added 2026/06/11 3:38 p.m. | 34 views

CVE-2026-44487 Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

CVSS 8.2 | EPSS 0.00689
Exploits: 1 | References: 1

CNNVD
added 2026/04/24 12:0 a.m. | 13 views

melange path traversal vulnerability

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.32.0 to 0.43.4 had a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the arch and pkgname parameters, allowing attackers to write arbitrary JSON...

CVSS 4.4 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 1