
27 matches found

IBM Security Bulletins
added 2026/03/02 12:18 p.m. | 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

CVSS 6.5 | AI score 6.2 | EPSS 0.00069
Exploits: 0 | Affected Software: 1

Wolfi
added 2026/02/13 1:48 a.m. | 3 views

CVE-2026-24398 vulnerabilities

Vulnerabilities for packages: langfuse...

CVSS 6.5 | AI score 5.4 | EPSS 0.00015
Exploits: 0

Chainguard
added 2026/02/05 7:17 p.m. | 8 views

CVE-2026-24398 vulnerabilities

Vulnerabilities for packages: langfuse-fips, librechat, langfuse...

CVSS 6.5 | AI score 5.4 | EPSS 0.00015
Exploits: 0

RedhatCVE
added 2026/01/28 9:17 p.m. | 2 views

CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVSS 6.5 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 1

OSV
added 2026/01/27 7:6 p.m. | 3 views

CVE-2026-24398 Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVSS 4.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 5

vulnersOsv
added 2026/01/27 7:1 p.m. | 4 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +441 more potentially affected by CVE-2026-24398 via hono (>=0.5.10 <=4.11.6)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =0.0.1, =1.7.2, =1.7.1, =1.8.0 and more Source cves: CVE-2026-24398 Source advisory: OSV:GHSA-R354-F388-2FHH...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0

vulnersOsv
added 2026/01/27 7:1 p.m. | 2 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +152 more potentially affected by CVE-2026-24398 via hono (>=4.0.0 <=4.11.6)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.2, =1.0.0, =1.0.1 and more Source cves: CVE-2026-24398 Source advisory: SNYK:JS-HONO-15123483...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0

Circl
added 2026/01/27 12:3 p.m. | 1 views

CVE-2026-24398

creationtimestamp | type | source
---|---|---
2026-01-27 12:03:27+00:00 | seen | https://bsky.app/profile/undercode.bsky.social/post/3mdfponkprd2e...

CVSS 6.5 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:37 a.m. | 5 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVSS 9.8 | AI score 7.7 | EPSS 0.30505
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:55 a.m. | 3 views

CVE-2023-24398

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.003
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:59 p.m. | 6 views

CVE-2022-24398

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted...

CVSS 6.5 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 1

Circl
added 2025/01/22 5:15 p.m. | 7 views

CVE-2025-24398

creationtimestamp | type | source
---|---|---
2025-01-22 17:15:54+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdumptopd2c
2025-01-22 17:54:36+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113873287621870613
2025-01-22 18:54:35+00:00 | seen | ...

CVSS 8.8 | AI score 5.7 | EPSS 0.00073
Exploits: 0 | References: 5

NVD
added 2025/01/22 5:15 p.m. | 11 views

CVE-2025-24398

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusive allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

CVSS 8.8 | EPSS 0.00073
Exploits: 0 | References: 1

Circl
added 2024/02/06 1:31 a.m. | 0 views

CVE-2024-24398

creationtimestamp | type | source
---|---|---
2024-02-06 01:31:41+00:00 | seen | https://t.me/ctinow/179659
2024-02-13 19:17:14+00:00 | seen | https://t.me/ctinow/184054
2024-02-29 15:21:35+00:00 | seen | https://t.me/ctinow/196715...

CVSS 9.8 | AI score 8.7 | EPSS 0.30505
Exploits: 1 | References: 3

NVD
added 2024/02/06 12:15 a.m. | 12 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVSS 9.8 | AI score 9.5 | EPSS 0.30505
Exploits: 1 | References: 3

Vulnrichment
added 2024/02/06 12:0 a.m. | 5 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

AI score 9.6 | EPSS 0.30505
Exploits: 1 | References: 3

CVE
added 2024/02/06 12:0 a.m. | 45 views

CVE-2024-24398

Stimulsoft Dashboard.JS contains a Directory Traversal vulnerability in the Save function’s fileName parameter, enabling remote arbitrary code execution. Affected versions include before 2024.1.2 (and variants noted in multiple advisories, e.g., before 2024.1.2/1.2 and before 2024.1.3 in separate...

CVSS 9.8 | AI score 9.5 | EPSS 0.30505
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2023/04/07 10:15 a.m. | 8 views

CVE-2023-24398

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 1

CVE
added 2023/04/07 9:20 a.m. | 39 views

CVE-2023-24398

CVE-2023-24398 affects the WordPress EZP Coming Soon Page plugin prior to version 1.0.7.4 (<=1.0.7.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) in the plugin. Root cause: stored XSS under admin privileges, allowing injection that could affect site visito...

CVSS 5.9 | AI score 4.9 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/07 9:20 a.m. | 17 views

CVE-2023-24398 WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.003
Exploits: 0 | References: 1