CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

📄 Mongoose HTTP Denial of Service

Mongoose HTTP versions prior to 7.14 appear to suffer from a basic resource exhaustion denial of service vulnerability. Exploit Title: Mongoose HTTP 7.14 DDOS Stack-Based Free Discovered by: Yehia Elghaly Discovered Date: 2025-06-11 Vendor Homepage: https://mongoose.ws/ Software Link :...

CVE-2024-53900

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...

PT-2023-11742 · Mongoose · Mongoose

Name of the Vulnerable Software and Affected Versions: Mongoose version 6.18 Description: The issue is a buffer overflow in the mg resolve from hosts file function when reading from a crafted hosts file. This can occur in Mongoose 6.18. Recommendations: For Mongoose version 6.18, consider updatin...

1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +3990 more potentially affected by CVE-2023-3696 via mongoose (>=1.0.0 <=5.13.2)

mongoose NPM version =1.0.0, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.17.6, =0.0.1, =1.0.16, =1.0.30, =3.7.0, =3.8.2 and more Source cves: CVE-2023-3696 Source advisory: OSV:GHSA-9M93-W8W6-76HH...

UBUNTU-CVE-2019-12951

An issue was discovered in Mongoose before 6.15. The parsemqtt function in mgmqtt.c has a critical heap-based buffer overflow...

Mongoose version 2.8 source disclosure vulnerability

Exploit for unknown platform in category web applications ==================================================== Mongoose version 2.8 source disclosure vulnerability ==================================================== Application Info: Name: mongoose Version: 2.8 Download:...