Lucene search
K

436 matches found

Nuclei
Nuclei
added yesterday9 views

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

6.9CVSS6.2AI score0.00614EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-54267

A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...

8.6CVSS6AI score0.00179EPSS
Exploits0References6
NVD
NVD
added 6 days ago11 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59895 Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42327

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
CVE
CVE
added 6 days ago9 views

CVE-2026-59896

Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42326

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56506

Name of the Vulnerable Software and Affected Versions Hono versions 4.11.8 through 4.12.26 Description During server-side rendering, the hono/jsx module fails to isolate context values on a per-request basis. This allows data from a different in-flight request to be accessed after an await...

6.5CVSS6.1AI score0.00191EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56505

Name of the Vulnerable Software and Affected Versions Hono versions 4.0.0 through 4.12.26 Description The cx function in hono/css composes class names from plain strings but marks the result as already escaped without performing HTML-escaping on the input. This allows untrusted className values...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References9
Veracode
Veracode
added 2026/06/27 5:58 a.m.6 views

Information Disclosure

angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 6:34 p.m.8 views

CVE-2026-50556

A flaw was found in @angular/platform-server. This Cross-Site Scripting XSS vulnerability exists in its DOM emulation dependency, domino, when handling the content of elements during server-side rendering. A remote attacker could exploit this by injecting unescaped closing tags within dynamic tex...

8.6CVSS6.1AI score0.00239EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 1:16 p.m.9 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.23 views

CVE-2026-56761

CVE-2026-56761 affects the hono framework prior to 4.12.14, where server-side rendering of JSX allows HTML injection through malformed attribute names. Attackers can craft attribute keys containing characters like quotes or angle brackets, breaking tag boundaries and injecting unintended attribut...

5.3CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56761

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.6 views

EUVD-2026-38757

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56301

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder