
207 matches found

EUVD
added 4 days ago, 7 views

EUVD-2026-40869

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8 CVSS, 7.4 AI score, 0.1308 EPSS
Exploits: 1, References: 2

CVE
added 6 days ago, 9 views

CVE-2026-31016

CVE-2026-31016 is a Cross Site Request Forgery vulnerability affecting Squidex.io Squidex CMS up to version 7.21.0 (and earlier). The issue enables a remote attacker to escalate privileges via the IdentityServer account profile endpoint. The vulnerability is documented with a CVSS v3.1 base score...

6.5 CVSS, 5.8 AI score, 0.00186 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/06/05 7:36 p.m., 8 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5 CVSS, 5.4 AI score, 0.00329 EPSS
Exploits: 1, References: 1

Cvelist
added 2026/05/27 9:49 a.m., 32 views

CVE-2026-42730 WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.7.29...

8.5 CVSS, 0.00253 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/11 12:00 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-5246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384...

8.1 CVSS, 5.4 AI score, 0.00622 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/11 12:00 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-5244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler...

9.8 CVSS, 6.9 AI score, 0.00727 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/05/11 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-5245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...

8.1 CVSS, 5.8 AI score, 0.00716 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/02 12:00 a.m., 10 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits: 0, References: 2

OSV
added 2026/04/30 7:30 p.m., 9 views

JLSEC-2026-369 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function...

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

6.9 CVSS, 5.8 AI score, 0.00727 EPSS
Exploits: 1, References: 9

OSV
added 2026/04/30 7:30 p.m., 5 views

JLSEC-2026-371 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

6.3 CVSS, 4.7 AI score, 0.00622 EPSS
Exploits: 0, References: 9

OSV
added 2026/04/30 7:30 p.m., 2 views

JLSEC-2026-372

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9 CVSS, 5.4 AI score, 0.00565 EPSS
Exploits: 1, References: 5

OSV
added 2026/04/30 7:30 p.m., 5 views

JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3 CVSS, 5.2 AI score, 0.00716 EPSS
Exploits: 0, References: 9

OSV
added 2026/04/30 7:30 p.m., 6 views

JLSEC-2026-373

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

6.3 CVSS, 4.6 AI score, 0.00217 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2026/04/27 1:22 p.m., 4 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5 CVSS, 5.4 AI score, 0.00565 EPSS
Exploits: 1, References: 1

NVD
added 2026/04/25 5:16 p.m., 4 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5 CVSS, 0.00565 EPSS
Exploits: 1, References: 5

OSV
added 2026/04/25 5:16 p.m., 4 views

DEBIAN-CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5 CVSS, 5.7 AI score, 0.00565 EPSS
Exploits: 1, References: 1

Cvelist
added 2026/04/25 4:30 p.m., 34 views

CVE-2026-6986 Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

6.3 CVSS, 0.00217 EPSS
Exploits: 1, References: 5

ATTACKERKB
added 2026/04/25 4:15 p.m., 3 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9 CVSS, 5.4 AI score, 0.00565 EPSS
Exploits: 1, References: 5, Affected Software: 1

EUVD
added 2026/04/25 4:15 p.m., 5 views

EUVD-2026-25661

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9 CVSS, 5.5 AI score, 0.00565 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2026/04/25 4:15 p.m., 9 views

CVE-2026-6985 Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9 CVSS, 5.4 AI score, 0.00565 EPSS
Exploits: 1, References: 5