8220 matches found
Pepr security vulnerabilities
Pepr is a middleware open source by Defense Unicorns. Versions of Pepr prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the default use of RBAC configuration for cluster administrators, without enforcing the principle of least privilege...
EUVD-2026-2446
chi has an open redirect vulnerability in the RedirectSlashes middleware...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the RedirectSlashes function. An attacker can redirect users to an external, attacker-controlled website by crafting a specially formatted URL containing backslashes, which browsers interpret as a protocol-relative...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the RedirectSlashes function. An attacker can redirect users to an external, attacker-controlled website by crafting a specially formatted URL containing backslashes, which browsers interpret as a protocol-relative...
GHSA-MQQF-5WVP-8FH8 chi has an open redirect vulnerability in the RedirectSlashes middleware
Summary The RedirectSlashes function in middleware/strip.go does not perform correct input validation and can lead to an open redirect vulnerability. Details The RedirectSlashes function performs a Trim to all forward slash / characters, while prepending a single one at the begining of the path...
chi has an open redirect vulnerability in the RedirectSlashes middleware
Summary The RedirectSlashes function in middleware/strip.go does not perform correct input validation and can lead to an open redirect vulnerability. Details The RedirectSlashes function performs a Trim to all forward slash / characters, while prepending a single one at the begining of the path...
GHSA-3VHC-576X-3QV4 Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)
Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...
GHSA-F67F-6CW9-8MQ4 Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass
Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be...
EUVD-2026-2018
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
CVE-2026-22817
Hono JWT verification middleware (JWK/JWKS) allowed the JWT header alg to influence signature checks if the JWK didn’t specify an algorithm, enabling potential JWT algorithm confusion and, in some configurations, forged tokens. This CVE affects Hono prior to version 4.11.4. The vulnerability is f...
CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
CVE-2026-22818
CVE-2026-22818 concerns Hono’s JWK/JWKS JWT verification middleware. Prior to 4.11.4, if a JWK did not explicitly specify an algorithm, the middleware could derive the signature verification algorithm from the untrusted JWT header’s alg value, enabling algorithm confusion and potentially forged t...
GO-2026-4286 OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware in github.com/openflagr/flagr
OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware in github.com/openflagr/flagr...
CVE-2023-50463
The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
CVE-2019-2588
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access...
CVE-2019-2771
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2019-2601
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access v...
CVE-2019-2650
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2019-2595
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access...