Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongoose vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-13503
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.
Cesanta Mongoose 6.15
1 Github repository
570
VMScore
CVE-2018-18764
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read...
Cesanta Mongoose 6.13
668
VMScore
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote co...
Cesanta Mongoose 6.8
668
VMScore
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be ...
Cesanta Mongoose 6.8
NA
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin prior to 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Mongoosemarketplace Mongoose Page Plugin
668
VMScore
CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Cesanta Mongoose Os 2.17.0
405
VMScore
CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI.
Sergey Lyubka Mongoose 2.4
1 EDB exploit
685
VMScore
CVE-2017-11567
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server prior to 6.9 allows remote malicious users to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary ...
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
605
VMScore
CVE-2018-20352
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose Embedded Web Server Library
760
VMScore
CVE-2011-2900
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote malicious users to execu...
Valenok Mongoose 3.0
Yassl Yasslews 0.2
Shttpd Shttpd 1.42
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »