Lucene search
K

48 matches found

EUVD
EUVD
added 2026/07/01 2:41 a.m.7 views

EUVD-2026-40869

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.4AI score0.1308EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.4AI score0.00329EPSS
Exploits1References1
OSV
OSV
added 2026/04/30 7:30 p.m.5 views

JLSEC-2026-371 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

6.3CVSS4.7AI score0.00622EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/25 4:30 p.m.35 views

CVE-2026-6986 Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

6.3CVSS0.00217EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/25 4:15 p.m.5 views

EUVD-2026-25661

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9CVSS5.5AI score0.00565EPSS
Exploits1References5
NVD
NVD
added 2026/04/22 10:16 p.m.8 views

CVE-2026-41172

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 9:45 a.m.2 views

CVE-2026-5246

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

6.3CVSS5.5AI score0.00622EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/04/02 9:45 a.m.5 views

CVE-2026-5246

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

8.1CVSS5.1AI score0.00622EPSS
Exploits0
NVD
NVD
added 2026/04/02 8:16 a.m.6 views

CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

9.8CVSS0.00727EPSS
Exploits1References6
OSV
OSV
added 2026/04/02 8:16 a.m.7 views

UBUNTU-CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

9.8CVSS7AI score0.00727EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.23 views

PT-2026-26955

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...

6.9CVSS6.1AI score0.00183EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/16 3:11 p.m.2 views

CVE-2026-32583 WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

5.3CVSS5.8AI score0.007EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/16 2:35 p.m.3 views

WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aman Rawat in WordPress Plugin Modern Events Calendar versions = 7.29.0...

5.3CVSS5.8AI score0.007EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/03/12 9:16 p.m.2 views

DEBIAN-CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7.5AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS0.00488EPSS
Exploits0References21
OSV
OSV
added 2026/02/27 8:28 p.m.5 views

CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...

6.8CVSS6AI score0.00297EPSS
Exploits1References5
OSV
OSV
added 2026/02/23 4:16 a.m.14 views

UBUNTU-CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS5.1AI score0.00218EPSS
Exploits1References7
CVE
CVE
added 2026/02/23 3:2 a.m.25 views

CVE-2026-2968

Cesanta Mongoose up to 7.20 is affected in mg_chacha20_poly1305_decrypt (tls_chacha20.c, Poly1305 Authentication Tag Handler). The issue is improper verification of the cryptographic signature, with a remote attack vector. Descriptions indicate high complexity for exploitation and that the exploi...

6.3CVSS4.5AI score0.00218EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/23 2:2 a.m.10 views

CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS5.2AI score0.0038EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/12/02 9:51 a.m.10 views

CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

2.1CVSS6.6AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder