1096 matches found
CVE-2026-47737 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
EUVD-2026-43095
Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...
CVE-2026-42952
Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...
CVE-2026-51602
CVE-2026-51602 describes a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91). An unauthenticated remote attacker can cause a denial of service by sending a crafted SETUP request. The root cause is the second-stage URL routing parser failing to validate the le...
CVE-2026-58250
CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...
CVE-2026-59897
CVE-2026-59897 affects Hono: API Gateway v1 adapter (versions prior to 4.12.27). The AWS API Gateway v1 adapter drops a distinct repeated request header value due to de-duplication by substring comparison instead of exact match, which can cause incomplete data in headers like X-Forwarded-For. Thi...
CVE-2025-59617
CVE-2025-59617 describes a memory corruption (likely use-after-free) when processing multiple IOCTL calls sharing the same buffer file descriptor. The issue is referenced under Computer Vision in CVE lists; concrete affected product/vendor/version are not specified in the provided documents. CVSS...
FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-068
This module enables you to test and run AI-driven workflows interactively through a chat interface. The module doesn't sufficiently re-evaluate a human-in-the-loop approval gate where the workflow iterates more than once. This may result in execution of workflows that were not intended by the use...
CVE-2026-54289
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...
CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...
CVE-2026-54289
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...
CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...
CVE-2026-54289
CVE-2026-54289 — Hono Lambda@Edge header handling : On AWS Lambda@Edge, prior to 4.12.25, CloudFront may deliver repeated headers as multiple entries. The Hono Lambda@Edge adapter uses Headers.set for each value, overwriting the previous one, so only the last value reaches the application. Header...
CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...
Improper Handling Of HTTP Headers
hono is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to using Headers.set instead of Headers.append when processing repeated request headers, which allows multiple header values to be overwritten and truncated, potentially enabling attackers to bypass security control...
CVE-2025-13036
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...
NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
NPM: hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...
PT-2026-49736
Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...