CVE-2026-2967 Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967

The CVE-2026-2967 entry describes a vulnerability in Cesanta Mongoose up to version 7.20, specifically in the getpeer function of /src/net_builtin.c within the TCP Sequence Number Handler. The underlying issue is improper verification of the source of a communication channel, potentially enabling...

CVE-2026-2967 Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2964 higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype pollution

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2964

CVE-2026-2964 affects higuma web-audio-recorder-js (versions 0.1 and 0.1.1). The root cause is a flaw in the framework’s Dynamic Config Handling within the library file lib/WebAudioRecorder.js: the affected function, extend, permits improper modification of object prototype attributes (prototype ...

CVE-2026-2964 higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype pollution

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-2963

Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.

PT-2026-21556

Name of the Vulnerable Software and Affected Versions ShuoRen Smart Heating Integrated Management Platform version 1.0.0 Description A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file...

PT-2026-21507

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-1711 Description A buffer overflow issue exists in the strcpy function within the /goform/setSysAdm file. The manipulation of the passwd1 argument can trigger this issue. This allows for remote exploitation...

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

PT-2026-21494

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...

PT-2026-21581

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A NULL Pointer Dereference exists that allows remote, unauthenticated attackers...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2867

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...