Lucene search
+L

578 matches found

osv
osv
added 4 hours ago5 views

ROOT-APP-NPM-CVE-2026-56761 CVE-2026-56761 in @rootio/hono - Patched by Root

Root has patched CVE-2026-56761 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00174EPSS
Exploits0
osv
osv
added 4 hours ago21 views

ROOT-APP-NPM-CVE-2026-44455 CVE-2026-44455 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44455 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

4.7CVSS5.8AI score0.0014EPSS
Exploits0
osv
osv
added 4 hours ago17 views

ROOT-APP-NPM-CVE-2026-44458 CVE-2026-44458 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44458 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

4.3CVSS5.8AI score0.00197EPSS
Exploits0
osv
osv
added 4 hours ago7 views

ROOT-APP-NPM-CVE-2026-47675 CVE-2026-47675 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47675 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00216EPSS
Exploits0
osv
osv
added 4 hours ago15 views

ROOT-APP-NPM-CVE-2026-44456 CVE-2026-44456 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44456 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

6.5CVSS5.8AI score0.00219EPSS
Exploits0
osv
osv
added 4 hours ago3 views

ROOT-APP-NPM-CVE-2026-47673 CVE-2026-47673 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47673 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

6.5CVSS5.8AI score0.00199EPSS
Exploits0
osv
osv
added 4 hours ago4 views

ROOT-APP-NPM-CVE-2026-47676 CVE-2026-47676 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47676 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.0026EPSS
Exploits0
osv
osv
added 4 hours ago2 views

ROOT-APP-NPM-CVE-2026-54286 CVE-2026-54286 in @rootio/hono - Patched by Root

Root has patched CVE-2026-54286 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.9CVSS6.1AI score0.00292EPSS
Exploits0
osv
osv
added 4 hours ago4 views

ROOT-APP-NPM-CVE-2026-47674 CVE-2026-47674 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47674 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00244EPSS
Exploits0
osv
osv
added 4 hours ago3 views

ROOT-APP-NPM-CVE-2026-54288 CVE-2026-54288 in @rootio/hono - Patched by Root

Root has patched CVE-2026-54288 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

6.5CVSS6.1AI score0.00103EPSS
Exploits0
osv
osv
added 4 hours ago11 views

ROOT-APP-NPM-CVE-2026-54290 CVE-2026-54290 in @rootio/hono - Patched by Root

Root has patched CVE-2026-54290 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

7.1CVSS5.8AI score0.00248EPSS
Exploits0
osv
osv
added 4 hours ago15 views

ROOT-APP-NPM-CVE-2026-44457 CVE-2026-44457 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44457 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00197EPSS
Exploits0
cvelist
cvelist
added yesterday25 views

CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44631

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS6.1AI score
Exploits0References2
nvd
nvd
added 5 days ago7 views

CVE-2026-56763

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS0.00177EPSS
Exploits0References2
euvd
euvd
added 5 days ago7 views

EUVD-2026-43173

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References2
cve
cve
added 5 days ago13 views

CVE-2026-56763

CVE-2026-56763 affects Hono prior to 4.12.7. The parseBody function with dot option enabled accepts proto in field names, allowing prototype pollution when parsed results are merged into regular objects via unsafe merge patterns. Impacted behavior includes modification of object prototypes and po...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References2
cvelist
cvelist
added 5 days ago34 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS0.00177EPSS
Exploits0References2
osv
osv
added 5 days ago3 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 5:17 p.m.12 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
Rows per page
Query Builder