Lucene search

7528 matches found

RedhatCVE
added 2026/02/26 10:34 p.m. | 4 views

CVE-2026-27700

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVSS 8.2 | AI score 5.4 | EPSS 0.00008
Exploits: 0 | References: 1
OSV
added 2026/02/26 4:27 p.m. | 3 views

GO-2026-4537 Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2

Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2...

CVSS 8.2 | AI score 5.5 | EPSS 0.00027
Exploits: 1 | References: 3
Tenable Nessus
added 2026/02/26 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a...

CVSS 8.2 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 3
Tenable Nessus
added 2026/02/26 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-3146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload....

CVSS 5.5 | AI score 5.2 | EPSS 0.00016
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22103

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints (holdaction.php, blockuser.php, and transferchat.php) load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

CVSS 7.1 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 2
Github Security Blog
added 2026/02/25 6:2 p.m. | 5 views

Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Summary: When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...

CVSS 8.2 | AI score 5.5 | EPSS 0.00008
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2026/02/25 6:2 p.m. | 4 views

User Impersonation

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to User Impersonation via the getConnInfo function in the adapter/aws-lambda/conninfo.ts file. An attacker can gain unauthorized access to resources protected by IP-based access controls by...

CVSS 8.8 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 2
OSV
added 2026/02/25 6:2 p.m. | 1 views

GHSA-XH87-MX6M-69F3 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Summary: When using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...

CVSS 8.2 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 5
NVD
added 2026/02/25 4:23 p.m. | 2 views

CVE-2026-27700

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVSS 8.2 | EPSS 0.00008
Exploits: 0 | References: 3
Cvelist
added 2026/02/25 3:1 p.m. | 18 views

CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVSS 8.2 | EPSS 0.00008
Exploits: 0 | References: 3
OSV
added 2026/02/25 3:1 p.m. | 3 views

CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVSS 8.2 | AI score 5.5 | EPSS 0.00008
Exploits: 0 | References: 5
CVE
added 2026/02/25 3:1 p.m. | 7 views

CVE-2026-27700

CVE-2026-27700 affects Hono’s AWS Lambda adapter behind ALB. In versions 4.12.0 and 4.12.1, getConnInfo() erroneously took the first value from the X-Forwarded-For header. Since AWS ALB appends the real client IP to the end of X-Forwarded-For, an attacker could control the first IP value, potenti...

CVSS 8.2 | AI score 5.4 | EPSS 0.00008
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/25 3:1 p.m. | 2 views

CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo

Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (hono/aws-lambda) behind an Application Load Balancer (ALB), the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...

CVSS 8.2 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 3
Huntr
added 2026/02/25 11:32 a.m. | 8 views

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description: Keras 3 patched CVE-2026-1669 (HDF5 External Storage File Disclosure) in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path (keras/src/legacy/saving/legacy_h5_format.py) was not patched. This...

CVSS 7.5 | AI score 5.9 | EPSS 0.00014
Exploits: 0
EUVD
added 2026/02/25 6:31 a.m. | 5 views

EUVD-2026-8610

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 | AI score 5.5 | EPSS 0.00026
Exploits: 1 | References: 9
Snyk
added 2026/02/25 6:14 a.m. | 4 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the vips_foreign_load_csv_build function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted CSV files. Remediation: A fix was pushed into the master branch but no...

CVSS 7.8 | AI score 6.4 | EPSS 0.00026
Exploits: 1 | References: 2
NVD
added 2026/02/25 4:16 a.m. | 8 views

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 | EPSS 0.00026
Exploits: 1 | References: 8
UbuntuCve
added 2026/02/25 4:16 a.m. | 1 views

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 9
OSV
added 2026/02/25 4:16 a.m. | 0 views

UBUNTU-CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 | AI score 5.9 | EPSS 0.00026
Exploits: 1 | References: 10
ATTACKERKB
added 2026/02/25 3:32 a.m. | 3 views

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 | AI score 5.5 | EPSS 0.00026
Exploits: 1 | References: 8