Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

MikroTik RouterOS <= 7.20 Authentication Bypass via Improper Certificate Validation (CVE-2025-42611)

According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS 7.x prior to or equal to 7.20. It is, therefore, affected by an authentication bypass vulnerability caused by improper certificate validation. The vulnerability lies in shared certificat...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.5 views

PT-2026-35156

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle opt of the file /src/net builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. T...

6.9CVSS5.1AI score0.00565EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.6 views

PT-2026-35157

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg aes gcm decrypt of the file /src/tls aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may ...

6.3CVSS4.5AI score0.00217EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/02 12:31 p.m.8 views

EUVD-2026-18183

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.8AI score0.00716EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/02 9:30 a.m.3 views

EUVD-2026-18170

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS7.2AI score0.00727EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/04/02 9:0 a.m.10 views

CVE-2026-5245

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.8AI score0.00716EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 8:0 a.m.6 views

CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS7.2AI score0.00727EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:0 a.m.2 views

CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS6AI score0.00727EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/04/02 8:0 a.m.43 views

CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS0.00727EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.11 views

Cesanta Mongoose 安全特征问题漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

6.3CVSS5.8AI score0.0038EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.7 views

PT-2026-21494

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...

6.3CVSS4.8AI score0.00491EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/12/17 8:55 p.m.8 views

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
CVE
CVE
added 2025/12/05 10:32 p.m.25 views

CVE-2025-14111

CVE-2025-14111 affects Rarlab RAR App for Android up to version 7.11 Build 127, specifically the com.rarlab.rar component. The issue is a path traversal vulnerability that could enable a remote attack; exploitability is described as complex/hard, but publicly disclosed. The vulnerability is mitig...

8.1CVSS6.1AI score0.00548EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.5 views

PT-2025-49045

Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20 Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...

7.5CVSS6.3AI score0.00822EPSS
Exploits1References11
OSV
OSV
added 2024/07/16 11:15 p.m.8 views

UBUNTU-CVE-2024-21164

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

2.5CVSS5.8AI score0.00457EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.4 views

SAP Solution Manager 跨站脚本漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Socomec MODULYS GP 安全漏洞

Socomec MODULYS GP is a green power device from Socomec, a French company. A security vulnerability exists in Socomec MODULYS GP version 7.20 and prior versions, which stems from its lack of strong encryption of credentials on HTTP connections that could allow threat actors to obtain sensitive...

7.5CVSS7.3AI score0.00471EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/11 12:0 a.m.2 views

SAP Solution Manager Missing Authentication Check Vulnerability (CNVD-2020-62929)

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

10CVSS6.9AI score0.01284EPSS
Exploits0References1
OSV
OSV
added 2020/11/10 5:15 p.m.4 views

CVE-2020-26821

SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service...

10CVSS7.3AI score0.0134EPSS
Exploits0References2
OSV
OSV
added 2018/05/24 1:29 p.m.3 views

DEBIAN-CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

9.1CVSS9.2AI score0.06003EPSS
Exploits0References1
Rows per page
Query Builder