21 matches found
MikroTik RouterOS <= 7.20 Authentication Bypass via Improper Certificate Validation (CVE-2025-42611)
According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS 7.x prior to or equal to 7.20. It is, therefore, affected by an authentication bypass vulnerability caused by improper certificate validation. The vulnerability lies in shared certificat...
PT-2026-35156
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle opt of the file /src/net builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. T...
PT-2026-35157
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg aes gcm decrypt of the file /src/tls aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may ...
EUVD-2026-18183
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
EUVD-2026-18170
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2026-5244
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
Cesanta Mongoose 安全特征问题漏洞
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
PT-2026-21494
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...
CVE-2025-14111
CVE-2025-14111 affects Rarlab RAR App for Android up to version 7.11 Build 127, specifically the com.rarlab.rar component. The issue is a path traversal vulnerability that could enable a remote attack; exploitability is described as complex/hard, but publicly disclosed. The vulnerability is mitig...
PT-2025-49045
Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20 Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...
UBUNTU-CVE-2024-21164
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
SAP Solution Manager 跨站脚本漏洞
SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...
Socomec MODULYS GP 安全漏洞
Socomec MODULYS GP is a green power device from Socomec, a French company. A security vulnerability exists in Socomec MODULYS GP version 7.20 and prior versions, which stems from its lack of strong encryption of credentials on HTTP connections that could allow threat actors to obtain sensitive...
SAP Solution Manager Missing Authentication Check Vulnerability (CNVD-2020-62929)
SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...
CVE-2020-26821
SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service...
DEBIAN-CVE-2018-1000301
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...