Lucene search
+L

1096 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 2:34 p.m.4 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 2:34 p.m.22 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS0.00376EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 2:34 p.m.32 views

CVE-2026-39406

The CVE concerns @hono/node-server where a path handling inconsistency in serveStatic allows bypassing route-based middleware via repeated slashes (//) in the request path. Before version 1.19.13, the router may not match paths containing repeated slashes (e.g., /admin/*) while serveStatic resolv...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/08 2:34 p.m.2 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/08 1:58 p.m.4 views

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

A flaw was found in the brace-expansion component. This denial of service DoS vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

9.2CVSS5.9AI score0.00481EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 1:30 p.m.14 views

CLSA-2026-1775649722 libxml2: Fix of 6 CVEs

CVE-2024-34459: fix buffer over-read in xmlHTMLPrintFileContext in xmllint - CVE-2025-8732: fix stack overflow from self-referencing SGML CATALOG entries - CVE-2026-0989: add RelaxNG include recursion limit - CVE-2026-0990: prevent infinite recursion in xmlCatalogListXMLResolveURI -...

7.5CVSS6AI score0.02298EPSS
Exploits5References1
EUVD
EUVD
added 2026/04/08 12:16 a.m.5 views

EUVD-2026-20493

Hono: Middleware bypass via repeated slashes in serveStatic...

5.3CVSS5.9AI score0.00459EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/08 12:16 a.m.13 views

Hono: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.8AI score0.00459EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/08 12:16 a.m.9 views

GHSA-WMMM-F939-6G9C Hono: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.7AI score0.00459EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/08 12:16 a.m.4 views

Directory Traversal

Overview @hono/node-server is a Node.js Adapter for Hono Affected versions of this package are vulnerable to Directory Traversal due to inconsistent handling of repeated slashes in the serveStatic process. An attacker can access sensitive static files that are intended to be protected by bypassin...

6.9CVSS6.3AI score0.00376EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:16 a.m.23 views

@hono/node-server: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/08 12:16 a.m.5 views

EUVD-2026-20491

@hono/node-server: Middleware bypass via repeated slashes in serveStatic...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 12:16 a.m.2 views

GHSA-92PP-H63X-V22M @hono/node-server: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.8AI score0.00376EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31280

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31281

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.8AI score0.00459EPSS
Exploits0References5
Veracode
Veracode
added 2026/04/07 4:0 p.m.6 views

Uncontrolled Resource Consumption

github.com/containerd/containerd is vulnerable to uncontrolled resource consumption. The vulnerability is due to goroutine leaks in the attach mechanism, which allows an attacker to exhaust host memory by repeatedly initiating attach requests...

6.9CVSS5.9AI score0.00162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/30 11:2 a.m.22 views

CVE-2018-25234 SmartFTP Client 9.0.2615.0 Denial of Service via Host Field

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an applicatio...

6.9CVSS0.00206EPSS
Exploits1References4
CVE
CVE
added 2026/03/30 11:2 a.m.10 views

CVE-2018-25234

CVE-2018-25234 affects SmartFTP Client 9.0.2615.0. The vulnerability is a local denial-of-service caused by supplying an excessively long string in the Host field, with demonstrations using a buffer of 300 repeated characters to trigger an application crash. The connected documents confirm the pr...

6.9CVSS6.1AI score0.00206EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/23 9:36 p.m.12 views

EUVD-2026-14565

OpenClaw before 2026.3.1 contains an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger memory exhaustion by varying query strings. Attackers can send repeated requests with different query parameters to the same webhook route,...

8.7CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/03/23 3:30 p.m.6 views

EUVD-2019-19990

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causin...

6.9CVSS6AI score0.00174EPSS
Exploits1References5
Rows per page
Query Builder