10 matches found
CVE-2026-8796
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
CVE-2026-24473 Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...
CVE-2026-24473 Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...
CVE-2026-24473
CVE-2026-24473 affects the Hono web framework (prior to 4.11.7) and its Serve static Middleware for the Cloudflare Workers adapter. The issue is an information disclosure where an attacker may read arbitrary keys from the Workers environment due to improper validation of user-controlled paths. Th...
GHSA-W332-Q679-J88P Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Summary Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys...
WordPress Plugin SIGMA Lite & Lite+ Buffer Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
kernel: NULL pointer dereference due to KEYCTL_READ on negative key
A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCLREAD on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel...
kernel: NULL pointer dereference due to KEYCTL_READ on negative key
A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCLREAD on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel...
Philips Hue Bridge BSB002 public API security bypass vulnerability
Philips Hue Bridge BSB002 is a smart home lighting system from Philips in the Netherlands. public API is one of the public interfaces. A security vulnerability exists in the public API in the Philips Hue Bridge BSB002 using firmware version 1707040932, where the vulnerable program fails to encryp...
PT-2017-12395 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.5 Description: The issue arises from the keyctl read key function in the Key Management subcomponent of the Linux kernel, which does not properly handle keys that are possessed but negatively instantiated...