Lucene search
K

5 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42327

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added 6 hours ago5 views

CVE-2026-59896

Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...

6.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added 6 hours ago6 views

CVE-2026-59897

CVE-2026-59897 affects Hono: API Gateway v1 adapter (versions prior to 4.12.27). The AWS API Gateway v1 adapter drops a distinct repeated request header value due to de-duplication by substring comparison instead of exact match, which can cause incomplete data in headers like X-Forwarded-For. Thi...

4.8CVSS6AI score
Exploits0References3
Rows per page
Query Builder