{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","type":"deb","namespace":"debian","name":"swupdate","version":"2024.12.1+dfsg-3+deb13u2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2025.12+dfsg-1","latest_non_vulnerable_version":"2026.05+dfsg-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75371?format=json","vulnerability_id":"VCID-593x-3915-9ffy","summary":"A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.21 is capable of addressing this issue. It is advisable to upgrade the affected component. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6986","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01099","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6986"},{"reference_url":"https://vuldb.com/vuln/359529","reference_id":"359529","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:33:26Z/"}],"url":"https://vuldb.com/vuln/359529"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.21","reference_id":"7.21","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:33:26Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.21"},{"reference_url":"https://vuldb.com/submit/796231","reference_id":"796231","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:33:26Z/"}],"url":"https://vuldb.com/submit/796231"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/AESGCM.md","reference_id":"AESGCM.md","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:33:26Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/AESGCM.md"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/359529/cti","reference_id":"cti","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:33:26Z/"}],"url":"https://vuldb.com/vuln/359529/cti"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-6986"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-593x-3915-9ffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91106?format=json","vulnerability_id":"VCID-949c-mzqd-6bdr","summary":"Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65502","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36934","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65502"},{"reference_url":"https://github.com/cesanta/mongoose/issues/3306","reference_id":"3306","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T18:28:47Z/"}],"url":"https://github.com/cesanta/mongoose/issues/3306"},{"reference_url":"https://github.com/cesanta/mongoose/pull/3307","reference_id":"3307","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T18:28:47Z/"}],"url":"https://github.com/cesanta/mongoose/pull/3307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104842?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2025-65502"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-949c-mzqd-6bdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68528?format=json","vulnerability_id":"VCID-9ff4-a1wr-qbcu","summary":"A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. Upgrading to version 7.21 is able to address this issue. This patch is called 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5246","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08807","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5246"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5246","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5246"},{"reference_url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_id":"0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1"},{"reference_url":"https://vuldb.com/vuln/354827","reference_id":"354827","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://vuldb.com/vuln/354827"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.21","reference_id":"7.21","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.21"},{"reference_url":"https://vuldb.com/submit/770104","reference_id":"770104","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://vuldb.com/submit/770104"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/354827/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://vuldb.com/vuln/354827/cti"},{"reference_url":"https://github.com/cesanta/mongoose/","reference_id":"mongoose","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/"}],"url":"https://github.com/cesanta/mongoose/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-5246"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ff4-a1wr-qbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75289?format=json","vulnerability_id":"VCID-a7zz-qbxs-mbbt","summary":"A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6985","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44625","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6985"},{"reference_url":"https://vuldb.com/vuln/359528","reference_id":"359528","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T12:35:19Z/"}],"url":"https://vuldb.com/vuln/359528"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.21","reference_id":"7.21","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T12:35:19Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.21"},{"reference_url":"https://vuldb.com/submit/796230","reference_id":"796230","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T12:35:19Z/"}],"url":"https://vuldb.com/submit/796230"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/359528/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T12:35:19Z/"}],"url":"https://vuldb.com/vuln/359528/cti"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md","reference_id":"TCP_opt_dos.md","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T12:35:19Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-6985"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7zz-qbxs-mbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84783?format=json","vulnerability_id":"VCID-eh43-8g4u-63hq","summary":"A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2966","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2966"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.347333","reference_id":"?ctiid.347333","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:36:36Z/"}],"url":"https://vuldb.com/?ctiid.347333"},{"reference_url":"https://vuldb.com/?id.347333","reference_id":"?id.347333","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:36:36Z/"}],"url":"https://vuldb.com/?id.347333"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md","reference_id":"mg_sendnsreq.md","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:36:36Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md#poc","reference_id":"mg_sendnsreq.md#poc","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:36:36Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md#poc"},{"reference_url":"https://vuldb.com/?submit.755304","reference_id":"?submit.755304","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:36:36Z/"}],"url":"https://vuldb.com/?submit.755304"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-2966"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh43-8g4u-63hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118961?format=json","vulnerability_id":"VCID-jcsn-r7uh-97ee","summary":"SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-41259","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02158","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-41259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41259"},{"reference_url":"https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d","reference_id":"f4bd64260e233e207354d68d572b1cbc3e63689d","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-03T12:36:39Z/"}],"url":"https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d"},{"reference_url":"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU","reference_id":"SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-03T12:36:39Z/"}],"url":"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251206-01_SWUpdate_Untrusted_Script_Execution_via_Signed_Update_TOCTOU"},{"reference_url":"https://github.com/sbabic/swupdate","reference_id":"swupdate","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-03T12:36:39Z/"}],"url":"https://github.com/sbabic/swupdate"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104841?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2025-41259"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcsn-r7uh-97ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93590?format=json","vulnerability_id":"VCID-kkss-n8nq-5be8","summary":"An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-51495.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-51495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-51495","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57193","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-51495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-51495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-51495"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400159","reference_id":"2400159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400159"},{"reference_url":"https://github.com/cesanta/mongoose/pull/3131","reference_id":"3131","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:55:19Z/"}],"url":"https://github.com/cesanta/mongoose/pull/3131"},{"reference_url":"https://github.com/cainiao159357/CVE-2025-51495","reference_id":"CVE-2025-51495","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:55:19Z/"}],"url":"https://github.com/cainiao159357/CVE-2025-51495"},{"reference_url":"https://github.com/cesanta/mongoose","reference_id":"mongoose","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:55:19Z/"}],"url":"https://github.com/cesanta/mongoose"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104842?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2025-51495"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkss-n8nq-5be8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68516?format=json","vulnerability_id":"VCID-m1vd-uksa-m3cj","summary":"A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.21 mitigates this issue. The name of the patch is 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5244","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27854","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5244"},{"reference_url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_id":"0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1"},{"reference_url":"https://vuldb.com/vuln/354825","reference_id":"354825","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://vuldb.com/vuln/354825"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.21","reference_id":"7.21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.21"},{"reference_url":"https://vuldb.com/submit/770063","reference_id":"770063","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://vuldb.com/submit/770063"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/354825/cti","reference_id":"cti","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://vuldb.com/vuln/354825/cti"},{"reference_url":"https://github.com/cesanta/mongoose/","reference_id":"mongoose","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:22:55Z/"}],"url":"https://github.com/cesanta/mongoose/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-5244"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1vd-uksa-m3cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68794?format=json","vulnerability_id":"VCID-ndsg-2zqx-4bas","summary":"A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used. Upgrading to version 7.21 will fix this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5245","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08243","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5245"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5245","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5245"},{"reference_url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_id":"0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1"},{"reference_url":"https://vuldb.com/vuln/354826","reference_id":"354826","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://vuldb.com/vuln/354826"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.21","reference_id":"7.21","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.21"},{"reference_url":"https://vuldb.com/submit/770103","reference_id":"770103","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://vuldb.com/submit/770103"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/354826/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://vuldb.com/vuln/354826/cti"},{"reference_url":"https://github.com/cesanta/mongoose/","reference_id":"mongoose","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:27:05Z/"}],"url":"https://github.com/cesanta/mongoose/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-5245"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndsg-2zqx-4bas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84505?format=json","vulnerability_id":"VCID-pk2p-fhmh-fyau","summary":"A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2967","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46288","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2967"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.347334","reference_id":"?ctiid.347334","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:32:47Z/"}],"url":"https://vuldb.com/?ctiid.347334"},{"reference_url":"https://vuldb.com/?id.347334","reference_id":"?id.347334","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:32:47Z/"}],"url":"https://vuldb.com/?id.347334"},{"reference_url":"https://vuldb.com/?submit.755450","reference_id":"?submit.755450","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:32:47Z/"}],"url":"https://vuldb.com/?submit.755450"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md","reference_id":"tcp_rst.md","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:32:47Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md#poc","reference_id":"tcp_rst.md#poc","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T13:32:47Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md#poc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-2967"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pk2p-fhmh-fyau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84747?format=json","vulnerability_id":"VCID-yz7m-e52q-3qaf","summary":"A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2968","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03753","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2968"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md","reference_id":"ChaCha20Poly1305.md","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:26:42Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md"},{"reference_url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md#poc","reference_id":"ChaCha20Poly1305.md#poc","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:26:42Z/"}],"url":"https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md#poc"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.347335","reference_id":"?ctiid.347335","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:26:42Z/"}],"url":"https://vuldb.com/?ctiid.347335"},{"reference_url":"https://vuldb.com/?id.347335","reference_id":"?id.347335","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:26:42Z/"}],"url":"https://vuldb.com/?id.347335"},{"reference_url":"https://vuldb.com/?submit.757091","reference_id":"?submit.757091","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:26:42Z/"}],"url":"https://vuldb.com/?submit.757091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104844?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-2968"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7m-e52q-3qaf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69281?format=json","vulnerability_id":"VCID-3q38-49ws-z3d5","summary":"SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing. Attackers can trigger an integer underflow in the mg_http_multipart_continue_wait_for_chunk() function when the buffer length falls within a specific range, causing an out-of-bounds heap read past the allocated receive buffer to a local IPC socket.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28525","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26993","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28525"},{"reference_url":"https://github.com/sbabic/swupdate/commit/beee2dc0feef1cfe84f1aa6fc980e104b2e47a74","reference_id":"beee2dc0feef1cfe84f1aa6fc980e104b2e47a74","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:10Z/"}],"url":"https://github.com/sbabic/swupdate/commit/beee2dc0feef1cfe84f1aa6fc980e104b2e47a74"},{"reference_url":"https://www.vulncheck.com/advisories/swupdate-integer-underflow-in-multipart-upload-parser","reference_id":"swupdate-integer-underflow-in-multipart-upload-parser","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:10Z/"}],"url":"https://www.vulncheck.com/advisories/swupdate-integer-underflow-in-multipart-upload-parser"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104843?format=json","purl":"pkg:deb/debian/swupdate@2025.12%2Bdfsg-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2026-28525"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q38-49ws-z3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151940?format=json","vulnerability_id":"VCID-733c-8vc8-kybt","summary":"Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25887","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33968","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25887"},{"reference_url":"https://github.com/cesanta/mongoose/issues/1140","reference_id":"1140","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T19:29:12Z/"}],"url":"https://github.com/cesanta/mongoose/issues/1140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104839?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2020-25887"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-733c-8vc8-kybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208344?format=json","vulnerability_id":"VCID-7vsv-n1mg-gbhx","summary":"The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26529","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26529"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104839?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2021-26529"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vsv-n1mg-gbhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142060?format=json","vulnerability_id":"VCID-9v5x-hsts-p7du","summary":"The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34188","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28695","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34188"},{"reference_url":"https://github.com/cesanta/mongoose/pull/2197","reference_id":"2197","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T14:58:34Z/"}],"url":"https://github.com/cesanta/mongoose/pull/2197"},{"reference_url":"https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f","reference_id":"4663090a8fb036146dfe77718cff612b0101cb0f","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T14:58:34Z/"}],"url":"https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f"},{"reference_url":"https://github.com/cesanta/mongoose/compare/7.9...7.10","reference_id":"7.9...7.10","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T14:58:34Z/"}],"url":"https://github.com/cesanta/mongoose/compare/7.9...7.10"},{"reference_url":"https://blog.narfindustries.com/blog/narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server","reference_id":"narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T14:58:34Z/"}],"url":"https://blog.narfindustries.com/blog/narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104840?format=json","purl":"pkg:deb/debian/swupdate@2024.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2023-34188"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v5x-hsts-p7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206821?format=json","vulnerability_id":"VCID-kvm1-sejr-aqbu","summary":"mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13503","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104835?format=json","purl":"pkg:deb/debian/swupdate@2021.04-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2021.04-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2019-13503"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvm1-sejr-aqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151943?format=json","vulnerability_id":"VCID-m5qn-5pzn-13cw","summary":"A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated \"this will not happen in practice.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25756","reference_id":"","reference_type":"","scores":[{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76334","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25756"},{"reference_url":"https://github.com/cesanta/mongoose/issues/1135","reference_id":"1135","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:58:00Z/"}],"url":"https://github.com/cesanta/mongoose/issues/1135"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104839?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2020-25756"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5qn-5pzn-13cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151172?format=json","vulnerability_id":"VCID-r5hg-wdpy-zuba","summary":"Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2905.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2905","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48936","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230653","reference_id":"2230653","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230653"},{"reference_url":"https://github.com/cesanta/mongoose/pull/2274","reference_id":"2274","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-10T14:56:20Z/"}],"url":"https://github.com/cesanta/mongoose/pull/2274"},{"reference_url":"https://github.com/cesanta/mongoose/releases/tag/7.11","reference_id":"7.11","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-10T14:56:20Z/"}],"url":"https://github.com/cesanta/mongoose/releases/tag/7.11"},{"reference_url":"https://takeonme.org/cves/CVE-2023-2905.html","reference_id":"CVE-2023-2905.html","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-10T14:56:20Z/"}],"url":"https://takeonme.org/cves/CVE-2023-2905.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104840?format=json","purl":"pkg:deb/debian/swupdate@2024.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2023-2905"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5hg-wdpy-zuba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208346?format=json","vulnerability_id":"VCID-t32y-8n9t-jqgx","summary":"The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26530","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26530"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104839?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2021-26530"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t32y-8n9t-jqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208343?format=json","vulnerability_id":"VCID-x4qd-dnaa-wyf7","summary":"The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26528","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104839?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2021-26528"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4qd-dnaa-wyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207095?format=json","vulnerability_id":"VCID-ys6t-arru-vuez","summary":"An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19307","reference_id":"","reference_type":"","scores":[{"value":"0.02961","scoring_system":"epss","scoring_elements":"0.86787","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104835?format=json","purl":"pkg:deb/debian/swupdate@2021.04-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2021.04-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2019-19307"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys6t-arru-vuez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206766?format=json","vulnerability_id":"VCID-zw76-bgs3-r3cv","summary":"An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12951","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64533","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12951"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104835?format=json","purl":"pkg:deb/debian/swupdate@2021.04-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2021.04-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104834?format=json","purl":"pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-9v5x-hsts-p7du"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-r5hg-wdpy-zuba"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104838?format=json","purl":"pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-593x-3915-9ffy"},{"vulnerability":"VCID-949c-mzqd-6bdr"},{"vulnerability":"VCID-9ff4-a1wr-qbcu"},{"vulnerability":"VCID-a7zz-qbxs-mbbt"},{"vulnerability":"VCID-eh43-8g4u-63hq"},{"vulnerability":"VCID-jcsn-r7uh-97ee"},{"vulnerability":"VCID-kkss-n8nq-5be8"},{"vulnerability":"VCID-m1vd-uksa-m3cj"},{"vulnerability":"VCID-ndsg-2zqx-4bas"},{"vulnerability":"VCID-pk2p-fhmh-fyau"},{"vulnerability":"VCID-yz7m-e52q-3qaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104836?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104837?format=json","purl":"pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie"}],"aliases":["CVE-2019-12951"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw76-bgs3-r3cv"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie"}