CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

PT-2026-23075

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description Hono is a Web application framework supporting various JavaScript runtimes. An inconsistency in URL decoding between the router decodeURI and serveStatic decodeURIComponent allowed protected static...

EUVD-2023-0659

Malicious code in bioql PyPI...

CVE-2023-26104

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

GHSA-8237-3Q5G-99FV Denial of Service vulnerability in lite-web-server

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

Denial of Service vulnerability in lite-web-server

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

CVE-2023-26104

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

Design/Logic Flaw

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

CVE-2023-26104

All versions of the package lite-web-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

SUSE CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."...

Denial Of Service (DoS)

lite-server is vulnerable to denial of service. The vulnerability is due to the decodeURI function which is unable to parse control characters allowing an attacker to cause an application crash via malicious HTTP request...

CVE-2022-25940 Denial of Service (DoS)

All versions of package lite-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

GHSA-89W7-5Q45-R53W lite-server vulnerable to Denial of Service

All versions of package lite-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

lite-server vulnerable to Denial of Service

All versions of package lite-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

Design/Logic Flaw

All versions of package lite-server are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse...

lite-server 安全漏洞

npm lite-server is a lightweight development-specific node server from the U.S. npm. It serves web applications. A security vulnerability exists in lite-server that stems from vulnerability to denial-of-service DoS attacks when an attacker sends an HTTP request with control characters that cannot...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when an attacker sends an HTTP request and includes control characters that the decodeURI function is unable to parse. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

Node.js third-party modules: [tianma-static] Security issue with XSS.

I would like to report XSS in tianma-static It allows XSS and HTML Injection First of all, It is my first report and I am sorry that I am not good at English T.T thank you. Module module name: tianma-static version: 1.0.4 npm page: https://www.npmjs.com/package/tianma-static Module Description...

CVE-2016-1677

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."...