CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

119 matches found

Siemens RUGGEDCOM RST2428P Insertion of Sensitive Information Into Sent Data (CVE-2025-66035)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS6.3AI score0.00601EPSS

Exploits0References4

Github Security Blog•added 2026/06/04 2:24 p.m.•72 views

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00345EPSS

Exploits1References4Affected Software1

OSV•added 2026/05/05 12:25 a.m.•2 views

GHSA-XX6V-RP6X-Q39C Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion Summary The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. Whe...

5.4CVSS5.8AI score0.00228EPSS

Exploits1References3

Github Security Blog•added 2026/05/05 12:25 a.m.•8 views

Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

5.4CVSS5.8AI score0.00228EPSS

Exploits1References3Affected Software1

Tenable Nessus•added 2026/04/27 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript...

5.4CVSS5.9AI score0.00228EPSS

Exploits1References4

Snyk•added 2026/04/24 7:21 p.m.•11 views

Insertion of Sensitive Information Into Sent Data

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the request configuration handling in the adapters/xhr.js adapter and helpers/resolveConfig.js‎. An attacker can...

6.1CVSS5.4AI score0.00228EPSS

Exploits1References3

CVE•added 2026/04/24 6:3 p.m.•65 views

CVE-2026-42042

Axios is affected by a cross-origin leakage due to XSRF token handling when withXSRFToken is set to truthy non-boolean values. Prior to versions 1.15.1 and 0.31.1, the protection logic used truthy/falsy semantics instead of strict boolean comparison, short-circuiting the isURLSameOrigin check and...

5.4CVSS5.3AI score0.00228EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/04/24 6:3 p.m.•3 views

CVE-2026-42042

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy...

5.4CVSS5.3AI score0.00228EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/24 6:3 p.m.•1 views

CVE-2026-42042 Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

5.4CVSS5.3AI score0.00228EPSS

Exploits1References1

Cvelist•added 2026/04/24 6:3 p.m.•26 views

CVE-2026-42042 Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

5.4CVSS0.00228EPSS

Exploits1References1

ATTACKERKB•added 2026/03/03 10:28 p.m.•3 views

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...

8.3CVSS5.9AI score0.00342EPSS

Exploits0References2

Vulnrichment•added 2026/03/03 10:28 p.m.•5 views

CVE-2026-3266 Improper access control vulnerability has been discovered in OpenText™ Filr.

8.3CVSS5.9AI score0.00342EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:52 a.m.•8 views

CVE-2022-42188

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server...

7.5CVSS6.7AI score0.00935EPSS

Exploits1References1

Packet Storm•added 2025/12/23 12:0 a.m.•401 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...

9.9CVSS7.8AI score0.05995EPSS

Exploits2

Tenable Nessus•added 2025/12/01 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16,...

7.7CVSS6.2AI score0.00601EPSS

Exploits0References3