Common Vulnerabilities and Exposures (CVE)

CVE-2026-44495

Jul 2, 2026 12:04:53 UTC

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has ...

CVE-2026-44496

Jul 2, 2026 12:04:53 UTC

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metachar...

CVE-2026-53059

Jul 2, 2026 12:04:53 UTC

In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to region_count overflow. The local variable region_count in create_log_context() is declared as unsigned int (32-bit), but dm_sector_d...

CVE-2026-44172

Jul 2, 2026 12:04:52 UTC

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text proto...

CVE-2026-25679

Jul 2, 2026 12:04:52 UTC

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

CVE-2026-32280

Jul 2, 2026 12:04:52 UTC

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct user...

CVE-2026-32283

Jul 2, 2026 12:04:51 UTC

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS ...

CVE-2026-33810

Jul 2, 2026 12:04:51 UTC

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certi...

CVE-2026-33811

Jul 2, 2026 12:04:50 UTC

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

CVE-2026-44249

Jul 2, 2026 12:04:50 UTC

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in I...

CVE-2026-45416

Jul 2, 2026 12:04:50 UTC

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does ...

CVE-2026-50010

Jul 2, 2026 12:04:50 UTC

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X5...

CVE-2026-29063

Jul 2, 2026 12:04:49 UTC

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. Thi...

CVE-2026-44487

Jul 2, 2026 12:04:49 UTC

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This ...

CVE-2026-44494

Jul 2, 2026 12:04:48 UTC

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependen...