Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 2026/05/13 2:57 p.m.8 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.8AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/13 12:0 a.m.6 views

Hono 注入漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.16 had an injection vulnerability. This vulnerability stemmed from improper handling of JSX element tag names in hono/jsx, allowing unvalidated tag names to be directly inserted into the generated...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References2
OSV
OSVadded 2026/05/06 11:49 p.m.12 views

GHSA-69XW-7HCM-H432 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

4.7CVSS5.7AI score0.0014EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/06 11:49 p.m.9 views

hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

6.1CVSS5.7AI score0.0014EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/02/20 11:16 p.m.9 views

CVE-2026-27122

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5.4CVSS0.00189EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/02/20 12:0 a.m.7 views

Svelte 跨站脚本漏洞

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of validation or cleanup of tag names during server-side rendering, which could lead to...

5.4CVSS5.7AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder