CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•11 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

5.3CVSS0.00044EPSS

CVE•added yesterday•9 views

CVE-2026-54287

Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...

5.3CVSS5.9AI score0.00044EPSS

Snyk•added last week•4 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

6.9CVSS5.9AI score0.00044EPSS

Exploits0References2

Github Security Blog•added last week•6 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00044EPSS

Exploits0References2Affected Software1

Patchstack•added last week•4 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.3CVSS5.8AI score0.00044EPSS

Exploits0References2Affected Software1

OSV•added last week•3 views

GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

5.3CVSS5.4AI score0.00044EPSS

Exploits0References2

Positive Technologies•added 2026/06/16 12:0 a.m.•6 views

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

5.3CVSS5.8AI score0.00044EPSS

Exploits0References4

Packet Storm News•added 2026/05/06 12:0 a.m.•5 views

Fundamental Limitations of Post-Quantum Cryptographic Architectures

Modern lattice-based cryptography, particularly the learning with errors paradigm, relies on injecting artificial noise to secure data against quantum adversaries. This study systematically examines the theoretical and physical boundaries of this noise-reliant model across four interconnected...

AstraLinux•added 2026/05/03 11:59 p.m.•14 views

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...

4.7CVSS5.1AI score0.00247EPSS

Packet Storm News•added 2026/04/04 12:0 a.m.•3 views

Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions

This paper studies how post-quantum cryptographic PQC security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC,'' an interdisciplinary...

Packet Storm News•added 2026/04/04 12:0 a.m.•2 views

Improving ML Attacks on LWE with Data Repetition and Stepwise Regression

The Learning with Errors LWE problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...

Packet Storm News•added 2026/03/06 12:0 a.m.•2 views

Securing Cryptography in the Age of Quantum Computing and AI: Threats, Implementations, and Strategic Response

This review examines how quantum computing and artificial intelligence challenge current cryptographic systems. We analyze the literature to assess the resilience of algorithms against quantum attacks Shor's and Grover's algorithms and AI-enhanced cryptanalysis. RSA and elliptic curve cryptograph...

RedhatCVE•added 2026/01/29 3:26 a.m.•10 views

CVE-2026-24850

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

NVD•added 2026/01/28 1:16 a.m.•8 views

CVE-2026-24850

5.3CVSS0.00299EPSS

Cvelist•added 2026/01/28 12:24 a.m.•29 views

CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

5.3CVSS0.00299EPSS

Vulnrichment•added 2026/01/28 12:24 a.m.•6 views

CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

ATTACKERKB•added 2026/01/28 12:24 a.m.•4 views

CVE-2026-24850

Exploits0References12Affected Software1

EUVD•added 2026/01/28 12:24 a.m.•4 views

EUVD-2026-4910

CVE•added 2026/01/28 12:24 a.m.•17 views

CVE-2026-24850

The CVE-2026-24850 issue affects the RustCrypto ml-dsa crate. A regression in the signature verification path allowed repeated hint indices by using a non-strict monotonic check (<=) instead of a strict