Kilkat

#14837of 53,622
18.1Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2026-5013
6.3
2026-01-27
Cloudflare · Cloudflare Workers · CVE-2026-24473
**Name of the Vulnerable Software and Affected Versions** Hono versions prior to 4.11.7 **Description** The Serve static Middleware for the Cloudflare Workers adapter in Hono does not properly validate user-controlled paths, potentially allowing attackers to read arbitrary keys from the Workers environment. This improper validation can result in unintended access to internal asset keys. The issue affects applications running on Cloudflare Workers that utilize Serve static Middleware with user-controllable request paths and may lead to information disclosure. The exposed data is limited to readable asset keys and does not allow modification of stored data or execution of arbitrary code. **Recommendations** Update to Hono version 4.11.7 or later.
PT-2026-5014
4.7
2026-01-27
Hono/Jsx · Hono/Jsx · CVE-2026-24771
**Name of the Vulnerable Software and Affected Versions** Hono versions prior to 4.11.7 **Description** A Cross-Site Scripting (XSS) issue exists in the `ErrorBoundary` component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary scripts in a user's browser. **Recommendations** Update to version 4.11.7 or later.
PT-2026-3917
7.1
2026-01-22
Pypi · Wheel · CVE-2026-24049
**Name of the Vulnerable Software and Affected Versions** wheel versions 0.40.0 through 0.46.1 **Description** The 'wheel' package, a tool for manipulating Python wheel files, contains a flaw in the `unpack` function. This flaw allows for file permission modification through mishandling of file permissions after extraction. The logic incorrectly trusts the filename from the archive header when setting file permissions, even after the extraction process has sanitized the path. An attacker can craft a malicious wheel file that, when unpacked, alters the permissions of critical system files, potentially enabling Privilege Escalation or arbitrary code execution. The vulnerability is triggered when the `unpack` function applies permissions based on the unsanitized filename from the archive header. This can lead to critical system files becoming world-writable. **Recommendations** Update to a version of wheel greater than 0.46.1.