cainiao159357

2 exploits Active since Jun 2023
CVE-2025-51495 NOMISEC HIGH WRITEUP
Mongoose 7.5-7.17 - Integer Overflow in WebSocket Component
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.
CVSS 7.5
CVE-2023-2598 NOMISEC HIGH WORKING POC
Linux Kernel 6.3-6.3.2 - Use-After-Free in io_uring Buffer Registration
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
CVSS 7.8