8220 matches found

OSV
added 2026/01/27 7:06 p.m., 4 views

CVE-2026-24398 Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVSS 4.8, AI score 5.9, EPSS 0.00315
Exploits 0, References 5
Cvelist
added 2026/01/27 7:06 p.m., 21 views

CVE-2026-24398 Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVSS 4.8, EPSS 0.00315
Exploits 0, References 3
CVE
added 2026/01/27 7:06 p.m., 20 views

CVE-2026-24398

CVE-2026-24398 — Hono IPv4 address validation bypass : Prior to 4.11.7, IP Restriction Middleware fails to validate IPv4 octets in the src/utils/ipaddr.ts code paths, due to a permissive IPv4_REGEX and an unsafe convertIPv4ToBinary function. This allows crafting malformed IPs that can bypass IP-b...

CVSS 6.5, AI score 5.9, EPSS 0.00315
Exploits 0, References 3, Affected Software 1
OSV
added 2026/01/27 7:04 p.m., 3 views

GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary: Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

CVSS 5.3, AI score 6, EPSS 0.00457
Exploits 0, References 5
OSV
added 2026/01/27 7:01 p.m., 3 views

GHSA-R354-F388-2FHH Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Summary: IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...

CVSS 4.8, AI score 5.9, EPSS 0.00315
Exploits 0, References 5
Github Security Blog
added 2026/01/27 7:01 p.m., 9 views

Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Summary: IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...

CVSS 6.5, AI score 5.9, EPSS 0.00315
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2026/01/27 12:00 a.m., 4 views

PT-2026-5013

Affected software and versions: Hono versions prior to 4.11.7. Description: The Serve Static Middleware for the Cloudflare Workers adapter in Hono does not properly validate user-controlled paths, potentially allowing attackers to read arbitrary keys from the Workers...

CVSS 6.3, AI score 6, EPSS 0.00419
Exploits 0, References 11
Positive Technologies
added 2026/01/27 12:00 a.m., 9 views

PT-2026-4917

Affected software and versions: Hono versions prior to 4.11.7. Description: The IP Restriction Middleware in Hono does not properly validate IPv4 addresses, allowing attackers to bypass IP-based access controls. The IPV4REGEX pattern and convertIPv4ToBinary function in...

CVSS 6.5, AI score 5.9, EPSS 0.00315
Exploits 0, References 14
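The IPv4 entries above (CVE-2026-24398, GHSA-R354-F388-2FHH and PT-2026-4917 all describe the same flaw) come down to a pattern that checks the shape "digits.digits.digits.digits" but not the 0-255 range of each octet, followed by a conversion that never rejects out-of-range values. The block below is an added example, not Hono's code and not the actual pattern from src/utils/ipaddr.ts: a hypothetical permissive regex and unchecked conversion show how an octet of 256 aliases a neighbouring address, and a strict parser plus a CIDR check show the fix. The names PERMISSIVE_IPV4, parseIPv4Strict and inCidr are chosen for this example.

```javascript
// Added example, not Hono's code. Shows why a shape-only IPv4 regex plus an
// unchecked octet-to-integer conversion lets an out-of-range octet alias a
// different address, and a strict parser plus CIDR check that rejects it.

// Hypothetical permissive pattern: "1-3 digits, dot, ... " and nothing more.
const PERMISSIVE_IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Converts without checking 0..255, so a 4th octet of 256 carries into the 3rd:
// "10.0.0.256" becomes the same integer as "10.0.1.0".
function permissiveToBinary(ip) {
  if (!PERMISSIVE_IPV4.test(ip)) return null;
  let n = 0;
  for (const part of ip.split(".")) n = n * 256 + Number(part);
  return n;
}

// Strict: exactly four octets, decimal digits only, no leading zeros (some
// stacks read "010" as octal), each in 0..255. Returns an unsigned 32-bit
// integer, or null for anything malformed.
function parseIPv4Strict(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const part of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(part)) return null;
    const v = Number(part);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// Allow-list check against "10.0.0.0/8" or a bare host "10.0.0.1" (/32).
// Returns true/false, or null when the client address or the rule is
// malformed, so the caller can fail closed instead of treating an
// unparseable client IP as allowed.
function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split("/");
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const a = parseIPv4Strict(ip);
  const b = parseIPv4Strict(net);
  if (a === null || b === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return null;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

console.log("permissive 10.0.0.256 ->", permissiveToBinary("10.0.0.256"));
console.log("permissive 10.0.1.0   ->", permissiveToBinary("10.0.1.0"));
console.log("strict 10.0.0.256     ->", parseIPv4Strict("10.0.0.256"));
console.log("192.168.1.10 in 192.168.0.0/16 ->", inCidr("192.168.1.10", "192.168.0.0/16"));
console.log("10.0.0.256 in 10.0.0.0/8       ->", inCidr("10.0.0.256", "10.0.0.0/8"));
```

The practitioner's check is the null return: a client address that the strict parser rejects must be treated as a deny, not skipped, and the same parser should be applied to the rule list at startup so a typo in an allow-list entry surfaces there rather than silently matching nothing or everything.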
Positive Technologies
added 2026/01/27 12:00 a.m., 6 views

PT-2026-5012

Affected software and versions: Hono versions prior to 4.11.7. Description: The Cache Middleware component does not properly handle HTTP cache control directives such as Cache-Control: private or Cache-Control: no-store. This can lead to private or authenticated responses bein...

CVSS 5.3, AI score 5.9, EPSS 0.00457
Exploits 0, References 11
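The cache middleware entries (GHSA-6WQW-2P9W-4VW4 and PT-2026-5012 describe the same issue) are the classic web cache deception setup: a shared cache keyed on the URL that stores a response without reading the directives the origin attached to it. The block below is an added example, not Hono's cache middleware: a directive parser and a "may a shared cache store this?" decision that applies the storage rules of RFC 9111 (no-store and private forbid storage; a response to a request carrying Authorization needs explicit permission; Vary: * never matches), next to a hypothetical naive check that only looks at the status code. Freshness and revalidation are out of scope here. The names parseCacheControl, naiveMayStore and sharedCacheMayStore are chosen for this example; request and response objects are plain objects with lowercase header names.

```javascript
// Added example, not Hono's code: the storage decision a shared cache must
// make before it puts a response into a URL-keyed store.

// Parse 'private, max-age=60, no-cache="Set-Cookie"' into a Map of lowercase
// directive names to values (true for a directive without an argument).
function parseCacheControl(header) {
  const directives = new Map();
  if (!header) return directives;
  for (const raw of header.split(",")) {
    const token = raw.trim();
    if (!token) continue;
    const eq = token.indexOf("=");
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? true : token.slice(eq + 1).trim();
    if (typeof value === "string" && value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    directives.set(name, value);
  }
  return directives;
}

// Hypothetical naive check in the spirit of the flaw described above:
// a 200 on a GET is stored, whatever the origin said.
function naiveMayStore(req, res) {
  return req.method === "GET" && res.status === 200;
}

// req = { method, headers }, res = { status, headers }; header names lowercase.
function sharedCacheMayStore(req, res) {
  if (req.method !== "GET" && req.method !== "HEAD") return false;
  if (res.status !== 200) return false;
  const cc = parseCacheControl(res.headers["cache-control"]);
  // RFC 9111 section 3: a shared cache must not store no-store or private.
  // (A field-qualified private="X" could be stored with X stripped; treating
  // any private as unstorable is the conservative choice.)
  if (cc.has("no-store") || cc.has("private")) return false;
  // RFC 9111 section 4.1: Vary: * can never match a later request.
  const vary = res.headers["vary"] || "";
  if (vary.split(",").some((v) => v.trim() === "*")) return false;
  // RFC 9111 section 3.5: responses to requests with Authorization are only
  // storable by a shared cache when public, must-revalidate or s-maxage says so.
  if (req.headers["authorization"] !== undefined) {
    if (!(cc.has("public") || cc.has("must-revalidate") || cc.has("s-maxage"))) return false;
  }
  // Cookies are per-user; treat a Set-Cookie response as private unless the
  // origin marked it public (a conservative rule beyond what RFC 9111 requires).
  if (res.headers["set-cookie"] !== undefined && !cc.has("public")) return false;
  return true;
}

// Constructed sample: an authenticated profile page that the origin marked private.
const sampleReq = { method: "GET", headers: { cookie: "session=abc" } };
const sampleRes = { status: 200, headers: { "cache-control": "private, max-age=60" } };
console.log("naive store?  ", naiveMayStore(sampleReq, sampleRes));
console.log("RFC 9111 store?", sharedCacheMayStore(sampleReq, sampleRes));
```

Running the block prints true for the naive check and false for the compliant one on the same response; the difference is exactly the gap a cache deception attack drives through, since once the private response sits under a shared key the next anonymous request for that URL receives it.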
GithubExploit
added 2026/01/26 6:53 p.m., 309 views

Exploit for Improper Authorization in Vercel Next.Js

PoC: CVE-2025-29927 - Next.js Middleware Bypass This reposito...

CVSS 9.1, AI score 6, EPSS 0.99621
Exploits 58
IBM Security Bulletins
added 2026/01/23 1:33 p.m., 5 views

Security Bulletin: Vulnerability in jshttp on-headers affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: Vulnerability in jshttp on-headers affects IBM® Db2® Big SQL 8.2.0 on IBM Cloud Pak for Data 5.2. Vulnerability Details: CVEID: CVE-2025-7339. DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions < 1.1.0 may result in...

CVSS 3.4, AI score 5.7, EPSS 0.00174
Exploits 0, Affected Software 1
OSV
added 2026/01/23 2:28 a.m., 6 views

GO-2026-4316 Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi

Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi...

CVSS 4.7, AI score 5.5, EPSS 0.00223
Exploits 0, References 3
Github Security Blog
added 2026/01/22 6:06 p.m., 11 views

Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

AI score 5.7
Exploits 0, References 2, Affected Software 1
NCSC
added 2026/01/22 9:03 a.m., 15 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products, which use Oracle middleware products such as the Oracle Utilities Application Framework, WebLogic Server, Data Integrator and Business Intelligence Enterprise Edition. These vulnerabilities allow unauthenticated attackers to perform a deni...

CVSS 10, AI score 8.3, EPSS 0.79807
Exploits 19, References 1
NCSC
added 2026/01/21 10:08 a.m., 16 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service (DoS) attacks, and compromise the...

CVSS 10, AI score 6.8, EPSS 0.99999
Exploits 38, References 1
Github Security Blog
added 2026/01/21 1:05 a.m., 13 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact: A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. It allows crashing the process with data coming from the network when used with, for example, an HTTP server. The most common way of using Swift W3C Trace...

CVSS 5.3, AI score 5.7, EPSS 0.00392
Exploits 0, References 6, Affected Software 2
NVD
added 2026/01/20 10:15 p.m., 29 views

CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

CVSS 10, EPSS 0.42658
Exploits 4, References 4
ATTACKERKB
added 2026/01/20 9:56 p.m., 7 views

CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

CVSS 10, AI score 7.5, EPSS 0.42658
Exploits 4, References 2, Affected Software 1
Debian
added 2026/01/20 9:37 p.m., 6 views

[SECURITY] [DSA 6104-1] python-keystonemiddleware security update

Debian Security Advisory DSA-6104-1 https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2026 https://www.debian.org/security/faq ...

CVSS 9.9, AI score 5.5, EPSS 0.00453
Exploits 0
RedhatCVE
added 2026/01/20 8:22 p.m., 6 views

CVE-2026-23837

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and potentially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication...

CVSS 9.8, AI score 5.7, EPSS 0.00573
Exploits 0, References 1
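The MyTube entry above describes a middleware that can be bypassed by simply not sending a credential, which is the fail-open shape of an authentication check: the credential is validated only when one is present. The block below is an added example, not MyTube's roleBasedAuthMiddleware, written in plain JavaScript with no framework so it runs stand-alone: the same role gate once in the fail-open form and once in the fail-closed form, driven by a constructed token table. The names TOKENS, authenticate, requireRoleFailOpen, requireRoleFailClosed and handle are chosen for this example.

```javascript
// Added example, not MyTube's code: a role-gating middleware that fails open
// when the Authorization header is absent, beside the fail-closed version.

// Constructed token table for the example (a real system would look these up).
const TOKENS = {
  "tok-alice": { name: "alice", role: "admin" },
  "tok-bob": { name: "bob", role: "viewer" },
};

// Returns the principal for "Bearer <token>", or null for anything else:
// missing header, wrong scheme, unknown token.
function authenticate(authorization) {
  if (typeof authorization !== "string") return null;
  const m = /^Bearer\s+(\S+)$/.exec(authorization.trim());
  if (!m) return null;
  return TOKENS[m[1]] || null;
}

// Vulnerable pattern: the check only runs when a credential is presented,
// so a request with no Authorization header skips both authentication and
// the role comparison and is treated as authorized.
function requireRoleFailOpen(requiredRole) {
  return function (req) {
    if ("authorization" in req.headers) {
      const user = authenticate(req.headers.authorization);
      if (!user) return { status: 401 };
      if (user.role !== requiredRole) return { status: 403 };
      req.user = user;
    }
    return { status: 200 };
  };
}

// Fixed: authenticate unconditionally. A missing credential is simply one
// more way for authenticate() to return null, and null always means 401.
function requireRoleFailClosed(requiredRole) {
  return function (req) {
    const user = authenticate(req.headers.authorization);
    if (!user) return { status: 401 };
    if (user.role !== requiredRole) return { status: 403 };
    req.user = user;
    return { status: 200 };
  };
}

// Minimal driver: build a request from lowercase headers and run the gate.
function handle(middleware, headers) {
  return middleware({ headers: headers, user: null });
}

console.log("fail-open, no header  ->", handle(requireRoleFailOpen("admin"), {}).status);
console.log("fail-closed, no header->", handle(requireRoleFailClosed("admin"), {}).status);
console.log("fail-closed, admin    ->", handle(requireRoleFailClosed("admin"), { authorization: "Bearer tok-alice" }).status);
console.log("fail-closed, viewer   ->", handle(requireRoleFailClosed("admin"), { authorization: "Bearer tok-bob" }).status);
```

The fail-open version looks correct in any test that sends a token, valid or not, which is why the bug survives review: the only failing case is the request nobody wrote a test for. A regression test for every guarded route with no credential at all is the cheapest check against this class of bypass.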