Lucene search
K

6 matches found

CVE
CVE
added 2025/10/22 7:24 p.m.21 views

CVE-2025-62610

Hono's JWT Auth Middleware (versions 1.1.0 up to before 4.10.2) did not validate the aud (Audience) claim, potentially allowing tokens intended for other audiences to access a service. The issue is documented across multiple sources and is resolved by upgrading to version 4.10.2 or later. Affecte...

8.1CVSS6.3AI score0.0035EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/10/22 3:21 p.m.4 views

GHSA-M732-5P4W-X69G Hono Improper Authorization vulnerability

Improper Authorization in Hono JWT Audience Validation Hono’s JWT authentication middleware did not validate the aud Audience claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential...

8.1CVSS5.9AI score0.0035EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43405

Name of the Vulnerable Software and Affected Versions Hono versions 1.1.0 through 4.10.1 Description Hono’s JWT authentication middleware lacked built-in verification of the aud Audience claim. This could lead to confused-deputy or token-mix-up issues, where an API might accept a valid token...

8.1CVSS5.4AI score0.0035EPSS
Exploits1References16
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.6 views

Hono 授权问题漏洞

Hono is a web framework written in TypeScript from the Hono community. An authorization issue vulnerability exists in Hono versions 1.1.0 through prior to 4.10.2, which stems from the lack of built-in audience validation options in the JWT Auth Middleware, and could lead to token obfuscation and...

8.1CVSS6.3AI score0.0035EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2025/05/20 12:42 p.m.40 views

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management IAM roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...

7.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/04/28 3:46 p.m.7 views

systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to...

7.8CVSS5.9AI score0.00888EPSS
Exploits2References4
Rows per page
Query Builder