CVE Tools

cesanta

OSS Librariesoss-project

91

Cumulative CVEs

8

Monthly snapshots

#24

Peak rank

Top products

mongoose10 mongoose web server10

Latest CVEs

The 15 most recently published vulnerabilities affecting cesanta.

CVE-2026-6986Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification3.7Apr 25, 2026
CVE-2026-6985Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop5.3Apr 25, 2026
CVE-2026-5246Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization5.6Apr 2, 2026
CVE-2026-5245Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow5.6Apr 2, 2026
CVE-2026-5244Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow7.3Apr 2, 2026
CVE-2018-25193Mongoose Web Server 6.9 Denial of Service via Socket Connection7.5Mar 6, 2026
CVE-2026-2968Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification3.7Feb 23, 2026
CVE-2026-2967Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source3.7Feb 23, 2026
CVE-2026-2966Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values3.7Feb 23, 2026
CVE-2025-65502Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.4.3Nov 24, 2025
CVE-2025-51495An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If d...7.5Sep 29, 2025
CVE-2025-0696A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSO...5.3Jan 27, 2025
CVE-2025-0695An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supply...5.3Jan 27, 2025
CVE-2024-42392Improper Neutralization of Delimiters in Mongoose Web Server library4.0Nov 18, 2024
CVE-2024-42391Use of Out-of-range Pointer Offset in Mongoose Web Server library4.3Nov 18, 2024