CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

CVE-2026-56762

Hono CVE-2026-56762 affects Hono before 4.12.12, where cookie-name validation is missing on the write path in setCookie(), serialize(), and serializeSigned(). This allows invalid characters (e.g., control chars like \r/\n) in user-controlled cookie names, producing malformed Set-Cookie header val...

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex...

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root

Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-34043 CVE-2026-34043 in @rootio/serialize-javascript - Patched by Root

Root has patched CVE-2026-34043 in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

RockyLinux 10 : .NET 8.0 (RLSA-2026:21286)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21286 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infini...

MiracleLinux 8 : dotnet8.0-8.0.127-1.el8_10.ML.1 (AXSA:2026-756:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-756:09 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET:...

RLSA-2026:21293 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

RockyLinux 9 : .NET 8.0 (RLSA-2026:21293)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21293 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinit...

RockyLinux 8 : .NET 8.0 (RLSA-2026:21291)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21291 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinit...

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

CVE-2026-47675

Summary: Hono prior to 4.12.21 has a vulnerability in the serialize() function of hono/cookie where domain and path options are validated to prevent Set-Cookie header corruption, but sameSite and priority are not validated. This can allow user-controlled input to inject attacker-chosen attributes...

SUSE CVE-2026-45897

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...

AlmaLinux 8 : .NET 8.0 (ALSA-2026:21291)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21291 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinite...

Hono 安全漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the serialize function not verifying the sameSite and priority options. This could allow the application to pass...

AlmaLinux 9 : .NET 8.0 (ALSA-2026:21293)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21293 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinite...