NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...