15 matches found

NVD
added 2026/01/13 8:16 p.m., 3 views

CVE-2026-22817

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...

CVSS 8.2, EPSS 0.00021
Exploits: 0, References: 2

Cvelist
added 2026/01/13 7:49 p.m., 20 views

CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...

CVSS 8.2, EPSS 0.00021
Exploits: 0, References: 2

Cvelist
added 2026/01/13 7:49 p.m., 18 views

CVE-2026-22818 JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...

CVSS 8.2, EPSS 0.00021
Exploits: 0, References: 2

RedhatCVE
added 2025/12/25 1:23 p.m., 3 views

CVE-2025-68512

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...

CVSS 6.5, AI score 6, EPSS 0.00029
Exploits: 0, References: 1

EUVD
added 2025/12/24 3:30 p.m., 2 views

EUVD-2025-205204

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...

CVSS 5.4, AI score 5.5, EPSS 0.00029
Exploits: 0, References: 2

CVE
added 2025/12/24 12:31 p.m., 7 views

CVE-2025-68512

CVE-2025-68512 is a stored XSS vulnerability in the WordPress Real 3D FlipBook plugin (real3d-flipbook-lite) affecting versions up to and including 4.11.4. The root cause is improper neutralization of input during web page generation, allowing attacker-supplied data to execute script in other use...

CVSS 6.5, AI score 5.6, EPSS 0.00029
Exploits: 0, References: 1

Vulnrichment
added 2025/12/24 12:31 p.m., 2 views

CVE-2025-68512 WordPress Real 3D FlipBook plugin <= 4.11.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS. This issue affects Real 3D FlipBook: from n/a through <= 4.11.4...

CVSS 6.5, AI score 5.6, EPSS 0.00029
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1169

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.03162
Exploits: 5, References: 9

Patchstack
added 2024/01/04 12:0 a.m., 8 views

WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Software: Ajax Search Lite; Type: Plugin; Vulnerable versions: <= 4.11.4; Fixed in: 4.11.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-21752; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WPdreams; PSID: feaa068d0729; Credits: Le Ngoc Anh; Required privilege...

CVSS 7.1, AI score 6.5, EPSS 0.00071
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/08/23 12:0 a.m., 3 views

Jenkins Plugin Git security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 6.5, AI score 5.6, EPSS 0.02048
Exploits: 0, References: 5

OSV
added 2022/07/28 12:0 a.m., 1 views

GHSA-8XWJ-2WGH-GPRH Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

CVSS 6.5, AI score 5.8, EPSS 0.00515
Exploits: 0, References: 4

Github Security Blog
added 2021/05/18 1:53 a.m., 76 views

Cross-site Scripting in docsify

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

CVSS 6.1, AI score 6.1, EPSS 0.03162
Exploits: 5, References: 8, Affected Software: 1

Tenable Nessus
added 2021/04/12 12:0 a.m., 38 views

Debian DSA-4888-1 : xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or memory disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4888. T...

CVSS 7.8, AI score 6, EPSS 0.00081
Exploits: 0, References: 5

Debian
added 2020/07/12 8:39 p.m., 86 views

[SECURITY] [DSA 4723-1] xen security update

Debian Security Advisory DSA-4723-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2020 https://www.debian.org/security/faq -...

CVSS 8.8, AI score 8.8, EPSS 0.00113
Exploits: 1

Tenable Nessus
added 2020/07/09 12:0 a.m., 32 views

SUSE SLES12 Security Update : xen (SUSE-SU-2020:1632-1)

This update for xen to version 4.11.4 fixes the following issues: CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling...

CVSS 5.5, AI score 7.1, EPSS 0.00481
Exploits: 0, References: 5