|
11
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the conne…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33595
|
2026-04-25 03:49 |
2026-04-22 |
|
|
|
|
12
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
New
|
CWE-369
Divide By Zero
|
CVE-2026-33593
|
2026-04-25 03:49 |
2026-04-22 |
|
|
|
|
13
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype…
New
|
CWE-915 CWE-1321
Improperly Controlled Modification of Dynamically-Determined Object Attributes; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42044
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
14
|
7.2 |
HIGH
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 r…
New
|
CWE-183 CWE-441 CWE-918
Permissive List of Allowed Inputs; Confused Deputy; Server-Side Request Forgery (SSRF)
|
CVE-2026-42043
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
15
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict …
New
|
CWE-183 CWE-201
Permissive List of Allowed Inputs; Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42042
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
16
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype…
New
|
CWE-287 CWE-1321
Improper Authentication; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42041
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
17
|
3.7 |
LOW
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at li…
New
|
CWE-116 CWE-626
Improper Encoding or Escaping of Output
|
CVE-2026-42040
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
18
|
- |
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as reque…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-42039
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
19
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42038
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|
|
20
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into th…
New
|
CWE-93
CRLF Injection
|
CVE-2026-42037
|
2026-04-25 03:16 |
2026-04-25 |
|
|
|