Improper Verification of Cryptographic Signature
Overview: hono is an ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature because the JWT verification middleware falls back on the unverified JWT header when the alg field is not present. An attacker can gain unauthorized...
Use of a Broken or Risky Cryptographic Algorithm
Overview: hono is an ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm because the JWT verification middleware uses an unsafe default fallback algorithm. An attacker can gain unauthorized access or escalate...
CVE-2026-22817
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono's JWK/JWKS JWT verification middleware allowed the JWT header's alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono's JWK/JWKS JWT verification middleware allowed the JWT header's alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
CVE-2026-22818 JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono's JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...
Hono data forgery vulnerability
Hono is a web framework written in TypeScript from the Hono community. A data forgery issue vulnerability exists in Hono versions prior to 4.11.4 that stems from the JWT validation middleware allowing the JWT header algorithm to influence signature verification, potentially leading to algorithmic...
CVE-2025-68512
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook (real3d-flipbook-lite) allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...
EUVD-2025-205204
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook (real3d-flipbook-lite) allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...
CVE-2025-68512
CVE-2025-68512 is a stored XSS vulnerability in the WordPress Real 3D FlipBook plugin (real3d-flipbook-lite) affecting versions up to and including 4.11.4. The root cause is improper neutralization of input during web page generation, allowing attacker-supplied data to execute script in other use...
CVE-2025-68512 WordPress Real 3D FlipBook plugin <= 4.11.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook (real3d-flipbook-lite) allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...
EUVD-2021-1169
Malware in sbrugna...
WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Search Lite; Type: Plugin; Vulnerable versions: <= 4.11.4; Fixed in: 4.11.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-21752; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: WPdreams; PSID: feaa068d0729; Credits: Le Ngoc Anh; Required privilege...
Jenkins Git Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
GHSA-8XWJ-2WGH-GPRH Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
Cross-site Scripting in docsify
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after the # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // (domain.com///attacker.com) and render...
Debian DSA-4888-1 : xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or memory disclosure. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4888. T...
[SECURITY] [DSA 4723-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4723-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2020 https://www.debian.org/security/faq -...
SUSE SLES12 Security Update : xen (SUSE-SU-2020:1632-1)
This update for xen to version 4.11.4 fixes the following issues: CVE-2020-0543: Fixed a side-channel attack against special registers which could have resulted in read values leaking to cores other than the one which performed the read. This attack is known as Special Register Buffer Data Sampling...
CVE-2017-9605
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DM...