Lucene search
+L

184 matches found

OSV
OSV
added 2026/05/18 4:37 p.m.10 views

GHSA-9RH9-HF3W-9FGG shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption

Impact CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was silently exceeded: orders were committed with the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References7
NVD
NVD
added 2026/05/13 4:16 p.m.53 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:58 p.m.69 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:58 p.m.10 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Hono 安全漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.18 contained security vulnerabilities. These vulnerabilities stemmed from the caching middleware not skipping the caching of responses that declared differences per user. This could result in cached...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.14 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 2:35 p.m.38 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS0.00455EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 2:35 p.m.2 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.4CVSS6.2AI score0.00455EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017518)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017518 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS6.9AI score0.07694EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017572 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS6.9AI score0.10379EPSS
Exploits1References4
OSV
OSV
added 2026/05/09 12:28 a.m.46 views

GHSA-P77W-8QQV-26RM Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/09 12:28 a.m.16 views

Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.25 views

PT-2026-39327

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Cache Middleware fails to skip caching for responses that declare per-user variance using the Vary: Authorization or Vary: Cookie headers. While the middleware correctly skips caching for Vary: ,...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References170
Patchstack
Patchstack
added 2026/04/22 3:26 p.m.10 views

WordPress Maximum Products per User for WooCommerce plugin <= 4.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions = 4.3.6...

6.5CVSS7.3AI score0.00209EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/03 4:8 a.m.3 views

Malicious Package

Overview xpack-per-user is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Metasploit
Metasploit
added 2026/02/20 6:55 p.m.420 views

Windows Registry Active Setup Persistence

This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...

6.1AI score
Exploits0
NVD
NVD
added 2026/02/12 7:15 p.m.4 views

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3CVSS0.00191EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/05 6:36 p.m.10 views

Malicious code in xpack-per-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/02/05 6:36 p.m.5 views

MAL-2026-770 Malicious code in xpack-per-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...

5.9AI score
Exploits0References1
Grafana
Grafana
added 2026/01/27 12:0 a.m.15 views

Cross-dashboard privilege escalation via permission management

Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...

8.1CVSS7.2AI score0.00647EPSS
Exploits1
Rows per page
Query Builder