Lucene search
K

241 matches found

NVD
NVD
added last week12 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
NVD
NVD
added last week9 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

5.3CVSS0.00126EPSS
Exploits0References3
NVD
NVD
added last week8 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-42327

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week34 views

CVE-2026-59895 Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added last week10 views

CVE-2026-59895

Hono (server-side JS framework) contains a CS/XSS flaw in cx() within hono/css: class name construction concatenates strings and marks the result as pre-escaped, bypassing HTML escaping. This allows untrusted className values used in a JSX class attribute during server-side rendering to break out...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-42326

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added last week34 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56506

Name of the Vulnerable Software and Affected Versions Hono versions 4.11.8 through 4.12.26 Description During server-side rendering, the hono/jsx module fails to isolate context values on a per-request basis. This allows data from a different in-flight request to be accessed after an await...

6.5CVSS6.1AI score0.00191EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56507

Name of the Vulnerable Software and Affected Versions Hono versions 4.3.3 through 4.12.26 Description The AWS API Gateway v1 adapter incorrectly de-duplicates repeated request header values by using a substring comparison instead of an exact match. This behavior can lead to the loss of distinct...

5.3CVSS6.1AI score0.00126EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56505

Name of the Vulnerable Software and Affected Versions Hono versions 4.0.0 through 4.12.26 Description The cx function in hono/css composes class names from plain strings but marks the result as already escaped without performing HTML-escaping on the input. This allows untrusted className values...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References9
NVD
NVD
added 2026/06/30 11:16 p.m.5 views

CVE-2025-71381

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS0.0028EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.24 views

CVE-2026-56761

CVE-2026-56761 affects the hono framework prior to 4.12.14, where server-side rendering of JSX allows HTML injection through malformed attribute names. Attackers can craft attribute keys containing characters like quotes or angle brackets, breaking tag boundaries and injecting unintended attribut...

5.3CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 7:17 p.m.10 views

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.15 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54290

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin the default wildcard, the CORS Middleware reflects the request's Origin and sends Access-Control-Allow-Credentials: true. Any site can then make...

7.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.15 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:18 p.m.34 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
Rows per page
Query Builder