Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.16 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS5.5AI score0.00217EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 12:20 a.m.16 views

EUVD-2026-25608

Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0...

10CVSS6.2AI score0.01186EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/24 5:59 p.m.8 views

CVE-2026-42034 Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...

5.3CVSS5.2AI score0.00327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 5:55 p.m.3 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

4.8CVSS5.3AI score0.00611EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 5:40 p.m.37 views

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS0.00217EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 5:38 p.m.3 views

CVE-2026-42035 Axios: Header Injection via Prototype Pollution

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4CVSS5.6AI score0.00394EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:38 p.m.4 views

CVE-2026-42035

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...

7.4CVSS5.7AI score0.00394EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from a character mapping in the encode function, where empty bytes encoded with the security percent symbol are reversed back to origin...

3.7CVSS5.8AI score0.00217EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise when Object.prototype is compromised, allowing attackers to silently intercept and modify each JSON response, or completely hijack the...

7.4CVSS5.8AI score0.00838EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/09 8:27 a.m.6 views

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...

5.5CVSS6.8AI score0.0013EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-14851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing...

6.5CVSS6.5AI score0.00992EPSS
Exploits0References2
OSV
OSV
added 2025/06/16 10:16 p.m.7 views

AZL-64070 CVE-2025-6140 affecting package doxygen for versions less than 1.9.8-2

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scopedpadder in the library include/spdlog/patternformatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

4.8CVSS4.5AI score0.00198EPSS
Exploits1References1
Rows per page
Query Builder