Lucene search

6 matches found

Cvelist
added 2026/04/08 2:34 p.m., 17 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/) is used for authorization, the...

CVSS 5.3, EPSS 0.00019
Exploits 0, References 1
OSV
added 2026/04/08 12:16 a.m., 0 views

GHSA-92PP-H63X-V22M @hono/node-server: Middleware bypass via repeated slashes in serveStatic

Summary: A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

CVSS 5.3, AI score 5.8, EPSS 0.00019
Exploits 0, References 5
Github Security Blog
added 2026/04/08 12:16 a.m., 6 views

@hono/node-server: Middleware bypass via repeated slashes in serveStatic

Summary: A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes (//) in the request path. When route-based middleware (e.g., /admin/) is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

CVSS 5.3, AI score 5.9, EPSS 0.00019
Exploits 0, References 5, Affected Software 1
Snyk
added 2026/03/05 2:7 a.m., 1 views

Improper Handling of URL Encoding (Hex Encoding)

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Improper Handling of URL Encoding (Hex Encoding) via inconsistent URL decoding between the serveStatic process and route-based middleware protections. An attacker can access protected stati...

CVSS 9.8, AI score 5.8, EPSS 0.0005
Exploits 0, References 2
Github Security Blog
added 2025/12/30 3:32 p.m., 5 views

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

A NestJS application is vulnerable if it meets all of the following criteria: 1. Platform: Uses @nestjs/platform-fastify. 2. Security Mechanism: Relies on NestMiddleware via MiddlewareConsumer for security checks (authentication, authorization, etc.), or through app.use. 3. Routing: Applies middlewa...

CVSS 9.1, AI score 6.9, EPSS 0.00026
Exploits 1, References 4, Affected Software 1
OSV
added 2023/09/15 11:5 a.m., 1 views

OESA-2023-1636 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption...

CVSS 7.8, AI score 6.1, EPSS 0.00089
Exploits 1, References 8