Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:26 p.m.6 views

CVE-2026-39407

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS5.4AI score0.00459EPSS
Exploits0References1
Snyk
Snykadded 2026/04/08 12:16 a.m.10 views

Directory Traversal

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access sensitive static files intended to be protected by route-based middleware by crafting request paths with repeated...

6.9CVSS6.3AI score0.00459EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/07 7:31 p.m.4 views

CVE-2026-29087

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS5.7AI score0.00327EPSS
Exploits0References1
NVD
NVDadded 2026/03/06 6:16 p.m.6 views

CVE-2026-29087

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS0.00327EPSS
Exploits0References2
NVD
NVDadded 2025/02/20 9:15 p.m.17 views

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

7.5CVSS0.00336EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/02/07 1:0 a.m.6 views

CVE-2025-1086 Safetytest Cloud-Master Server static path traversal

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...

6.9CVSS6.9AI score0.00748EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/09/10 7:31 p.m.21 views

CVE-2024-8655 Mercury MNVR816 web-static file access

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

6.9CVSS0.00455EPSS
Exploits0References3
Rows per page
Query Builder