Squ4Nch

**Name of the Vulnerable Software and Affected Versions** Hono versions prior to 4.12.21 **Description** The `jwt` and `jwk` middlewares fail to verify that the Authorization header value utilizes the Bearer scheme. Consequently, any two-part header value is processed for JWT verification regardless of the scheme name used in the first position. This allows requests using non-Bearer scheme identifiers, such as Basic or Token, to be authenticated in the same manner as correctly formed Bearer requests. **Recommendations** Update to version 4.12.21.

**Name of the Vulnerable Software and Affected Versions** Control iD Gerencia Web version 1.30 Control iD Panel (affected versions not specified) **Description** A vulnerability was found in the Web Interface component, where the manipulation of the `Nome` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Control iD Gerencia Web version 1.30, consider disabling the Web Interface component until a patch is available. For Control iD Panel, restrict access to the Web Interface to minimize the risk of exploitation. Avoid using the `Nome` argument in the affected Web Interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.