Lucene search
K

183 matches found

NVD
NVD
added yesterday6 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-42326

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-59896

Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...

6.5CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added yesterday29 views

CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 a.m.14 views

CVE-2026-41000

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.30 views

CVE-2026-41000

The CVE-2026-41000 issue affects Spring Web Services where Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. This undermines protections against replay of UsernameToken nonces and creation timestamps, as well as Time...

3.7CVSS5.5AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.26 views

CVE-2026-41000 WSS4J validation does not use configured replay cache

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48623

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor faile...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.4AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.8 views

CVE-2024-54011

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and...

6.5CVSS5.5AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-46990

Name of the Vulnerable Software and Affected Versions klever-go version 1.7.17 Description A connected peer can trigger remote memory and CPU amplification on nodes that accept P2P peer connections. This occurs when a compressed RequestDataType HashArrayType direct request is sent; a small payloa...

7.5CVSS5.9AI score0.0005EPSS
Exploits0References5
NVD
NVD
added 2026/06/04 4:16 p.m.12 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:39 p.m.7 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.8AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 2:39 p.m.10 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46254

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A mass assignment issue exists in the user edit functionality. The application fails to sufficiently filter user-supplied fields in the UsersController::edit function, allowing it to accept a...

9CVSS5.4AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.6 views

UBUNTU-CVE-2026-46081

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...

7.8CVSS5.7AI score0.00166EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.42 views

CVE-2026-46081 crypto: acomp - fix wrong pointer stored by acomp_save_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...

7.8CVSS0.00166EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.9 views

CVE-2026-46081

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-;chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-;chain as the data argument but casts it...

5.7AI score0.00166EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.12 views

PT-2026-36128

Name of the Vulnerable Software and Affected Versions Synway SMG Gateway Management Software affected versions not specified Description An OS command injection flaw exists in the RADIUS configuration endpoint '/en/9-2radius.php'. The issue occurs because the radius address POST parameter is spli...

9.8CVSS6.4AI score0.05727EPSS
Exploits1References14
Veracode
Veracode
added 2026/04/28 8:13 a.m.8 views

Improper Input Encoding

Axios is vulnerable to Improper Input Encoding. The vulnerability is due to incorrect character mapping in the encode function, where safely percent-encoded null bytes %00 are converted back to raw null bytes, potentially leading to unsafe request data handling in affected usage scenarios...

3.7CVSS5.2AI score0.00217EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder