Hono exposure
Category: Web frameworks
Exposure score: 27
Sites using it: 73
Under exploitation: 0
Critical: 0
CVEs
37 results
CVE-2026-47674 | MEDIUM | Hono: IP Restriction bypasses static deny rules for non-canonical IPv6 | EPSS 0.2%
CVE-2026-29085 | MEDIUM | Hono: SSE Control Field Injection via CR/LF in writeSSE() | EPSS 0.2%
CVE-2024-43787 | MEDIUM | Hono CSRF middleware can be bypassed using crafted Content-Type header | EPSS 0.2%
CVE-2026-44456 | MEDIUM | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | EPSS 0.2%
CVE-2026-29086 | MEDIUM | Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie() | EPSS 0.2%
CVE-2026-47675 | MEDIUM | Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection | EPSS 0.2%
CVE-2026-44459 | LOW | Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() | EPSS 0.2%
CVE-2026-47673 | MEDIUM | Hono: JWT middleware accepts any Authorization scheme, not only Bearer | EPSS 0.2%
CVE-2026-44457 | MEDIUM | Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage | EPSS 0.2%
CVE-2026-44458 | MEDIUM | Hono: CSS Declaration Injection via Style Object Values in JSX SSR | EPSS 0.2%
CVE-2026-54287 | MEDIUM | Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice | EPSS 0.2%
CVE-2026-22817 | HIGH | JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass | EPSS 0.1%
CVE-2026-44455 | MEDIUM | Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection | EPSS 0.1%
CVE-2026-22818 | HIGH | JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback) | EPSS 0.1%
CVE-2026-54289 | MEDIUM | Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest | EPSS 0.1%
CVE-2026-54288 | MEDIUM | Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length` | EPSS 0.1%
CVE-2026-56762 | MEDIUM | Hono - Missing Cookie Name Validation in setCookie() | EPSS —