
19 matches found

Vulnrichment
added 2026/03/06 5:3 p.m. | 1 view

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/), inconsistent URL decoding can allow protected static resources to be accessed...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00018
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 5:3 p.m. | 25 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/), inconsistent URL decoding can allow protected static resources to be accessed...

CVSS: 7.5 | EPSS: 0.00018
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:0 a.m. | 4 views

Node.js Adapter for Hono security vulnerability

The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.10 contained a security vulnerability. This vulnerability stemmed from inconsistent URL decoding, which could allow access to...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : golang-1.19.10-1.el9, go-toolset-1.19.10-1.el9 (AXSA:2023-6174:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6174:04 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402); golang: cmd/go: go command may execute arbitrary...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.00329
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 8:41 a.m. | 6 views

CVE-2022-0868

Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10...

CVSS: 8 | AI score: 6.6 | EPSS: 0.00324
Exploits: 1 | References: 1

CBLMariner
added 2023/06/27 8:56 p.m. | 18 views

CVE-2023-29404 affecting package msft-golang for versions less than 1.19.10-1

CVE-2023-29404 affecting package msft-golang for versions less than 1.19.10-1. An upgraded version of the package is available that resolves this issue...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.00084
Exploits: 0

OSV
added 2023/06/08 9:15 p.m. | 2 views

AZL-27150 CVE-2023-29404 affecting package msft-golang for versions less than 1.19.10-1

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00084
Exploits: 0 | References: 1

OSV
added 2023/06/08 9:15 p.m. | 4 views

AZL-27122 CVE-2023-29402 affecting package msft-golang for versions less than 1.19.10-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00125
Exploits: 0 | References: 1

Snyk
added 2023/06/08 8:16 p.m. | 1 view

Incorrect Privilege Assignment

Overview: std/runtime is a Go standard library package. Affected versions of this package are vulnerable to Incorrect Privilege Assignment. Go Vulnerability Report: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.0001
Exploits: 0 | References: 3

OSV
added 2022/10/14 3:15 p.m. | 2 views

AZL-11129 CVE-2022-2880 affecting package golang for versions less than 1.19.10-1

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00031
Exploits: 1 | References: 1

OSV
added 2022/03/07 12:0 a.m. | 0 views

GHSA-8H2F-7JC4-7M3M Open Redirect in urijs

urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00324
Exploits: 1 | References: 5

OpenVAS
added 2015/11/26 12:0 a.m. | 26 views

MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Linux

MediaWiki is prone to multiple vulnerabilities. CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00623
Exploits: 0 | References: 2

NVD
added 2014/05/12 2:55 p.m. | 14 views

CVE-2013-6453

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00623
Exploits: 0 | References: 1

OSV
added 2014/05/12 2:55 p.m. | 2 views

DEBIAN-CVE-2013-6454

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute...

CVSS: 4.3 | AI score: 8 | EPSS: 0.00318
Exploits: 0 | References: 1

NVD
added 2014/05/12 2:55 p.m. | 12 views

CVE-2013-4571

Buffer overflow in php-luasandbox in the Scribunto extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00514
Exploits: 0 | References: 1

Prion
added 2014/05/12 2:55 p.m. | 16 views

Buffer overflow

Buffer overflow in php-luasandbox in the Scribunto extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00514
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2014/05/12 2:55 p.m. | 1 view

UBUNTU-CVE-2013-6452

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00318
Exploits: 0 | References: 3

Cvelist
added 2014/05/12 2:0 p.m. | 17 views

CVE-2013-4574

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos...

AI score: 6 | EPSS: 0.00318
Exploits: 0 | References: 1

CVE
added 2014/05/12 2:0 p.m. | 66 views

CVE-2013-6454

MediaWiki XSS (CVE-2013-6454) affects: MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1. Vulnerability: remote attacker can inject arbitrary web script or HTML via a -o-link attribute. The provided documents do not include further technical details, exploit code, or patch in...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 1 | Affected Software: 1