43 matches found
EUVD-2026-22677
Reflected Cross-Site Scripting (XSS) vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities...
Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
CVE-2026-27700
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Summary: When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...
User Impersonation
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to User Impersonation via the getConnInfo function in the adapter/aws-lambda/conninfo.ts file. An attacker can gain unauthorized access to resources protected by IP-based access controls by...
GHSA-XH87-MX6M-69F3 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Summary: When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...
CVE-2026-27700
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
CVE-2026-27700
CVE-2026-27700 affects Hono’s AWS Lambda adapter behind ALB. In versions 4.12.0 and 4.12.1, getConnInfo() erroneously took the first value from the X-Forwarded-For header. Since AWS ALB appends the real client IP to the end of X-Forwarded-For, an attacker could control the first IP value, potenti...
CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
Hono Data Forgery Vulnerability
Hono is a web framework built in TypeScript for the Hono community. Versions 4.12.0 and 4.12.1 of Hono contain a data manipulation vulnerability. This vulnerability arises when the AWS Lambda adapter is used behind an application load balancer. In this context, the getConnInfo function...
PT-2026-21921
Name of the Vulnerable Software and Affected Versions: Hono versions 4.12.0 through 4.12.1. Description: Hono is a Web application framework that provides support for any JavaScript runtime. When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo...
EUVD-2018-7195
Malware in sbrugna...
EUVD-2025-15449
Malicious code in bioql PyPI...
EUVD-2024-49465
Malicious code in bioql PyPI...
EUVD-2023-0074
Malicious code in bioql PyPI...
EUVD-2024-32920
Malicious code in bioql PyPI...
Google Cloud Classic Application Load Balancer Input Validation Error Vulnerability
Google Cloud Classic Application Load Balancer is a legacy application load balancing service from Google, Inc. that is used to automatically distribute traffic to back-end service instances in a cloud environment. An input validation error vulnerability exists in Google Cloud Classic Application...
CVE-2025-4600
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
CVE-2025-4600
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...