Lucene search
K

73 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/16 2:32 p.m.5 views

NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/16 2:8 p.m.8 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

6.9CVSS5.9AI score0.00186EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/04 6:1 p.m.7 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +591 more potentially affected by CVE-2026-47676 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47676 Source advisory: OSV:GHSA-2GCR-MFCQ-WCC3...

5.3CVSS5.7AI score0.0026EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/04 6:0 p.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +591 more potentially affected by CVE-2026-47674 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47674 Source advisory: OSV:GHSA-XRHX-7G5J-RCJ5...

5.3CVSS5.7AI score0.00244EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/04 5:59 p.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +591 more potentially affected by CVE-2026-47675 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47675 Source advisory: OSV:GHSA-3HRH-PFW6-9M5X...

5.3CVSS5.7AI score0.00216EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/04 5:52 p.m.7 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +591 more potentially affected by CVE-2026-47673 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47673 Source advisory: OSV:GHSA-F577-QRJJ-4474...

6.5CVSS5.7AI score0.00199EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/28 6:24 p.m.7 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.11.1) +310 more potentially affected by CVE-2026-47674 via hono (>=4.0.0 <=4.12.2)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-47674 Source advisory: SNYK:JS-HONO-17055760...

5.3CVSS5.7AI score0.00244EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/28 6:24 p.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.11.1) +310 more potentially affected by CVE-2026-47675 via hono (>=4.0.0 <=4.12.2)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-47675 Source advisory: SNYK:JS-HONO-17055753...

5.3CVSS5.7AI score0.00216EPSS
Exploits0
Snyk
Snyk
added 2026/05/28 6:24 p.m.12 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

5.3CVSS5.9AI score0.00216EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/28 6:24 p.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.11.1) +310 more potentially affected by CVE-2026-47673 via hono (>=4.0.0 <=4.12.2)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-47673 Source advisory: SNYK:JS-HONO-17055751...

6.5CVSS5.7AI score0.00199EPSS
Exploits0
Snyk
Snyk
added 2026/05/28 6:24 p.m.14 views

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the app.mount function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path,...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 11:49 p.m.7 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.8.4) +257 more potentially affected by CVE-2026-44455 via hono (>=4.0.0 <=4.12.15)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-44455 Source advisory: SNYK:JS-HONO-16438965...

6.1CVSS5.7AI score0.0014EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/06 11:49 p.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +538 more potentially affected by CVE-2026-44455 via hono (>=0.5.10 <=4.12.15)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44455 Source advisory: OSV:GHSA-69XW-7HCM-H432...

6.1CVSS5.7AI score0.0014EPSS
Exploits0
Veracode
Veracode
added 2026/04/17 9:26 a.m.7 views

Path Traversal

Hono is vulnerable to Path Traversal. The vulnerability is due to a path traversal issue in toSSG, where specially crafted values can cause generated file paths to escape the intended output directory, and attackers who can influence values passed to ssgParams during the build process may be able...

7.5CVSS5.7AI score0.00532EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/16 1:2 a.m.9 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.8.4) +241 more potentially affected by unknown CVE via hono (>=4.0.0 <=4.12.12)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: unknown CVE Source advisory: SNYK:JS-HONO-16080667...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 1:2 a.m.8 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +523 more potentially affected by CVE-2026-56761 via hono (>=0.5.10 <=4.12.12)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-56761 Source advisory: OSV:GHSA-458J-XX4X-4375...

5.3CVSS5.7AI score0.00174EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/08 12:17 a.m.7 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +212 more potentially affected by CVE-2026-39410 via hono (>=4.0.0 <=4.12.10)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.1-beta.7 and more Source cves: CVE-2026-39410 Source advisory: SNYK:JS-HONO-15928832...

4.8CVSS5.7AI score0.00284EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/08 12:17 a.m.6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +494 more potentially affected by CVE-2026-39410 via hono (>=0.5.10 <=4.12.10)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =0.0.1, =0.0.8 and more Source cves: CVE-2026-39410 Source advisory: OSV:GHSA-R5RP-J6WH-RVV4...

4.8CVSS5.7AI score0.00284EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/08 12:17 a.m.5 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +212 more potentially affected by CVE-2026-39409 via hono (>=4.0.0 <=4.12.10)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.1-beta.7 and more Source cves: CVE-2026-39409 Source advisory: SNYK:JS-HONO-15928834...

6.3CVSS5.7AI score0.00342EPSS
Exploits0
Rows per page
Query Builder