Lucene search
K

238 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the ip-restriction middleware using string equality comparisons when comparing IP addresses after some normalization,...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 6:56 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2026-24398 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP...

8.8CVSS7.1AI score0.01535EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.10 views

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.8 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.50 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.16 views

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.18 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.88 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.59 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:2 p.m.32 views

CVE-2026-44459 Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:2 p.m.11 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 3:2 p.m.29 views

CVE-2026-44459

CVE-2026-44459 (Hono) concerns improper validation of JWT NumericDate claims (exp, nbf, iat) in hono/utils/jwt prior to 4.12.18. The vulnerability allows tokens with non-spec-compliant claim values to silently bypass time-based checks when verify() processes malformed claims (not exploitable by a...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 3:1 p.m.63 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:1 p.m.7 views

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 3:1 p.m.10 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 3:1 p.m.46 views

CVE-2026-44458

The CVE-2026-44458 entry affects Hono prior to version 4.12.18, where the JSX renderer does not escape CSS in style object values, allowing untrusted input to inject extra CSS declarations into the rendered style attribute. Impact is confined to CSS and does not permit JavaScript execution or HTM...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:58 p.m.68 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:58 p.m.9 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:58 p.m.10 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder