12 matches found
CVE-2026-42040
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...
EUVD-2026-25608
Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0...
CVE-2026-42034 Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits...
CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...
CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...
CVE-2026-42035 Axios: Header Injection via Prototype Pollution
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...
CVE-2026-42035
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from a character mapping in the encode function, where empty bytes encoded with the security percent symbol are reversed back to origin...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise when Object.prototype is compromised, allowing attackers to silently intercept and modify each JSON response, or completely hijack the...
CVE-2025-66548
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
Linux Distros Unpatched Vulnerability : CVE-2019-14851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing...
AZL-64070 CVE-2025-6140 affecting package doxygen for versions less than 1.9.8-2
A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scopedpadder in the library include/spdlog/patternformatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...