2 matches found
CVE-2026-59897
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
CVE-2025-65328
CVE-2025-65328 affects Mega-Fence (webgate-lib.*) 25.1.914 and earlier. The component trusts the first value of the X-Forwarded-For header as the client IP without validating a trusted proxy chain, enabling an attacker to spoof the client IP via XFF in remote requests. This spoofed IP can propaga...