Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.7 views

CVE-2026-39407

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS5.4AI score0.00459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.4 views

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS5.2AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 9:4 p.m.29 views

CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:9 p.m.8 views

CVE-2026-6414

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5053

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.21573EPSS
Exploits1References11
OSV
OSV
added 2023/05/22 8:15 p.m.3 views

CVE-2023-31241

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...

10CVSS7.6AI score0.00764EPSS
Exploits0References1
NVD
NVD
added 2023/05/22 8:15 p.m.13 views

CVE-2023-31241

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...

10CVSS9.3AI score0.00764EPSS
Exploits0References1
Rows per page
Query Builder