Summary
hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-V2QM-5WXJ-QHJ7
Open WebUI: Stored XSS to Account Takeover via Model Profile Images
- MEDIUMGHSA-CRMM-HGP2-WGRP
Laravel Framework: Temporary Signed URL Path Confusion
- MEDIUMGHSA-VCC4-2C75-VC9V
Caddy: stripHTML template function bypass
- MEDIUMGHSA-W22M-HVVM-XMWX
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization
- MEDIUMGHSA-6JQ6-X4CX-QVCM
Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass