Hono Exposure
Category: Web frameworks
Exposure score: 27
Sites using it: 73
In exploitation: 0
Critical: 0
CVEs
37 results

CVE-2024-32869 | MEDIUM | Hono vulnerable to Restricted Directory Traversal in serveStatic with deno | EPSS 0.6%
CVE-2023-50710 | MEDIUM | Hono's named path parameters can be overridden in TrieRouter | EPSS 0.6%
CVE-2026-39408 | MEDIUM | Hono has a path traversal in toSSG() allows writing files outside the output directory | EPSS 0.5%
CVE-2025-58362 | HIGH | Hono contains a flaw in URL path parsing, potentially leading to path confusion | EPSS 0.5%
CVE-2026-39407 | MEDIUM | Hono has a middleware bypass via repeated slashes in serveStatic | EPSS 0.5%
CVE-2026-24472 | MEDIUM | Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception | EPSS 0.5%
CVE-2026-29045 | HIGH | Hono: Arbitrary file access via serveStatic vulnerability | EPSS 0.4%
CVE-2026-24473 | MEDIUM | Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) | EPSS 0.4%
CVE-2025-59139 | MEDIUM | Hono has Body Limit Middleware Bypass | EPSS 0.4%
CVE-2025-62610 | HIGH | Hono Improperly Authorizes JWT Audience Validation | EPSS 0.4%
CVE-2026-39409 | MEDIUM | Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses | EPSS 0.3%
CVE-2026-24398 | MEDIUM | Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing | EPSS 0.3%
CVE-2024-48913 | MEDIUM | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. | EPSS 0.3%
CVE-2026-24771 | MEDIUM | Hono has a Cross-site Scripting vulnerability | EPSS 0.3%
CVE-2026-54286 | MEDIUM | Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`) | EPSS 0.3%
CVE-2026-39410 | MEDIUM | Hono has a non-breaking space prefix bypass in cookie name handling in getCookie() | EPSS 0.3%
CVE-2026-47676 | MEDIUM | Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths | EPSS 0.3%
CVE-2026-54290 | HIGH | Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard | EPSS 0.2%
CVE-2026-42349 | HIGH | Clerk: Authorization bypass when combining organization, billing, or reverification checks | EPSS 0.2%
CVE-2026-27700 | HIGH | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo | EPSS 0.2%