21277 matches found
DEBIAN-CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985 Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985 Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6979
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
CVE-2026-6979
Affects devlikeapro WAHA up to 2026.3.4; vulnerable in the API Request Handler function src/api/media.controller.ts, enabling server-side request forgery. Attackable remotely; exploit published. Vendor unresponsive. No remediation details provided in the documents.
CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
OESA-2026-2056 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...
SUSE CVE-2025-66286
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...
SUSE CVE-2026-31574
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...
SUSE CVE-2026-31647
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPTRT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpfvcxn struct. The conversion is safe because complete/all are called outside the lock and...
KLiK SocialMediaWebsite 注入漏洞
KLiK SocialMediaWebsite is a simple social media website developed by Muhammad Saad using PHP. Versions of KLiK SocialMediaWebsite 1.0.1 and earlier had a vulnerability related to injection attacks. This vulnerability stemmed from the cid parameter operations in the Private Message Handler...
PT-2026-35149
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
WAHA 代码问题漏洞
WAHA is an open-source WhatsApp HTTP API service tool developed by devlikeapro. Versions of WAHA prior to 2026.3.4 contained code vulnerabilities. These vulnerabilities stemmed from unknown features in the component’s API Request Handler, specifically in the file src/api/media.controller.ts, whic...
Cesanta Mongoose 安全漏洞
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
PT-2026-35156
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle opt of the file /src/net builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. T...
PT-2026-35167
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header mutation/header mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patc...