36 matches found
CVE-2026-59896
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...
CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...
EUVD-2026-42326
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...
CVE-2026-59896
Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...
CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...
GO-2026-5216 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination in github.com/OliveTin/OliveTin
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination in github.com/OliveTin/OliveTin...
CVE-2026-54266
Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...
CVE-2026-54266 Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...
CVE-2026-48708
OliveTin is affected by a race condition in the template engine. In versions up to 3000.0.0, a single shared text/template.Template instance (tpl) is used across all goroutines, and actions perform tpl.Parse(source) followed by t.Execute() without synchronization. Under concurrent ExecRequests, t...
CVE-2026-46705 russh server userauth state is not reset when authentication principal changes
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...
CVE-2026-46705
The vulnerability CVE-2026-46705 affects russh (Rust SSH client/server) versions 0.34.0-beta.1 through before 0.61.0. The server’s authentication path retained russh-owned state (e.g., remaining methods, partial_success, and in-progress state) across SSH_MSG_USERAUTH_REQUEST messages when the use...
curl: CVE-2026-9546: sending old referer
Summary: libcurl documents that CURLOPTREFERER can be set to NULL to disable the Referer header again, but doing so after a transfer does not clear the cached per-handle referer state. As a result, the next HTTP request on the same easy handle can still send the previous request's Referer: value ...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...
Continuous Discovery of Vulnerabilities in LLM Serving Systems with Fuzzing
LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache, batching, prefix sharing, speculative decoding, adapters,...
Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017612)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017612 advisory. When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers an...
SUSE CVE-2026-24894
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...
CVE-2026-24894
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...
GHSA-R3XH-3R3W-47GP FrankenPHP leaks session data between requests in worker mode
Summary When running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potentially belonging to a different user before sessionstart is...
FrankenPHP leaks session data between requests in worker mode
Summary When running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potentially belonging to a different user before sessionstart is...
PT-2026-7871
Name of the Vulnerable Software and Affected Versions FrankenPHP versions prior to 1.11.2 Description FrankenPHP, when running in worker mode, does not correctly reset the $ SESSION superglobal between requests. This allows a subsequent request processed by the same worker to access the $ SESSION...