CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVE-2026-24398 Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...

GHSA-R354-F388-2FHH Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...

PT-2026-4917

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description The IP Restriction Middleware in Hono does not properly validate IPv4 addresses, allowing attackers to bypass IP-based access controls. The IPV4 REGEX pattern and convertIPv4ToBinary function in...

Squidex code-related vulnerabilities

Squidex is an open-source content management system developed by Squidex. Versions of Squidex 7.21.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient validation of URL parameters in Webhook configurations, or lack of restrictions on the target IP address, whic...

Hono security vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.11.7 contained security vulnerabilities. These vulnerabilities stemmed from IP-based access control middleware, which allowed bypasses in IP address validation, potentially enabling attackers to...

SUSE-SU-2026:20153-1 Security update for libpcap

This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765...

SUSE-SU-2026:20120-1 Security update for libpcap

This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765...

OPENSUSE-SU-2026:20075-1 Security update for libpcap

This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765...

MiracleLinux 8 : python3-3.6.8-69.el8_10.ML.1 (AXSA:2024-9057:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9057:07 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

Mailpit security vulnerabilities

Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.28.3 contained a security vulnerability. This vulnerability stemmed from insufficient regular expressions used to validate the RCPT TO and MAIL FROM addresses, which could lead to header injecti...

CVE-2026-23829 Mailpit has SMTP Header Injection via Regex Bypass

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

WordPress plugin Church Admin code vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-68949

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...

CVE-2025-13393

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...

CVE-2025-71094 net: usb: asix: validate PHY address before use

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asixreadphyaddr. A malicious or faulty device can return an invalid address = PHYMAXADDR, which causes a warning in...

CVE-2025-71094

CVE-2025-71094: In the Linux kernel, the ASIX USB Ethernet driver (net: usb: asix) could read an invalid PHY address from a USB device (address >= PHY_MAX_ADDR), triggering a warning in mdiobus_get_phy. The fix validates the PHY address in asix_read_phy_addr() and removes the now-redundant che...

CVE-2025-71094

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asixreadphyaddr. A malicious or faulty device can return an invalid address = PHYMAXADDR, which causes a warning in...