CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

DEBIAN-CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

PT-2026-34837

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entry get attribute value in ta/pkcs11/src/object.c can lead to out-of-bounds read...

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

ZITADEL has potential SSRF via Actions

Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...

CVE-2026-24473

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...

EUVD-2026-4752

Hono vulnerable to XSS through ErrorBoundary component...

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

Use of Cache Containing Sensitive Information

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...

PT-2026-5012

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description The Cache Middleware component does not properly handle HTTP cache control directives such as Cache-Control: private or Cache-Control: no-store. This can lead to private or authenticated responses bein...

PT-2026-5014

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description A Cross-Site Scripting XSS issue exists in the ErrorBoundary component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary script...