
675 matches found

OSV
added 2026/03/18 2:58 a.m., 2 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

CVSS 7.7, AI score 6, EPSS 0.00013
Exploits 0, References 4
CVE
added 2026/03/18 2:58 a.m., 16 views

CVE-2026-31891

CVE-2026-31891 affects Cockpit CMS 2.13.4 and earlier with API access enabled. A SQL injection in the MongoLite Aggregation Optimizer allows an attacker with a valid read-only API key to inject arbitrary SQL via unsanitized field names in aggregation queries (toJsonExtractRaw()), bypassing the pu...

CVSS 7.7, AI score 5.9, EPSS 0.00013
Exploits 0, References 2, Affected software 1
Cvelist
added 2026/03/18 2:58 a.m., 25 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

CVSS 7.7, EPSS 0.00013
Exploits 0, References 2
Positive Technologies
added 2026/03/18 12:00 a.m., 3 views

PT-2026-26039

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device's configuration without the...

CVSS 7.1, AI score 5.9, EPSS 0.00016
Exploits 0, References 6
Positive Technologies
added 2026/03/18 12:00 a.m., 2 views

PT-2026-26038

A stored cross-site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim'...

CVSS 7.1, AI score 5.8, EPSS 0.00034
Exploits 0, References 6
CNNVD
added 2026/03/18 12:00 a.m., 4 views

PHOENIX CONTACT FL NAT cross-site request forgery vulnerability

PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by PHOENIX CONTACT GmbH in Germany. PHOENIX CONTACT FL NAT has a cross-site request forgery vulnerability, which originates from the Link Aggregation configuration interface. This vulnerability may allow unverified remo...

CVSS 7.1, AI score 5.8, EPSS 0.00016
Exploits 0, References 1
CNNVD
added 2026/03/18 12:00 a.m., 5 views

Multiple Phoenix Contact products: cross-site scripting vulnerability

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have a cross-site...

CVSS 7.1, AI score 5.7, EPSS 0.00034
Exploits 0, References 1
EUVD
added 2026/03/17 9:31 p.m., 5 views

EUVD-2026-12639

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 6.4, AI score 6, EPSS 0.00041
Exploits 1, References 2
NVD
added 2026/03/17 8:16 p.m., 6 views

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 7.5, EPSS 0.00041
Exploits 1, References 1
UbuntuCve
added 2026/03/17 8:16 p.m., 2 views

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 7.5, AI score 6.1, EPSS 0.00041
Exploits 1, References 2
MongoDB
added 2026/03/17 7:00 p.m., 7 views

Memory safety issues in slot-based execution hash table spill

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 7.5, AI score 5.5, EPSS 0.00041
Exploits 1, References 1, Affected software 1
Cvelist
added 2026/03/17 7:00 p.m., 22 views

CVE-2026-4358 Memory safety issues in slot-based execution hash table spill

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 6.4, EPSS 0.00041
Exploits 1, References 1
CVE
added 2026/03/17 7:00 p.m., 19 views

CVE-2026-4358

CVE-2026-4358 affects MongoDB's slot-based execution (SBE) engine. A specially crafted aggregation query with $lookup by an authenticated user with write privileges can trigger a memory safety issue (double-free or use-after-free) when an in-memory hash table spills to disk. Impact per metrics in...

CVSS 7.5, AI score 6, EPSS 0.00041
Exploits 1, References 1, Affected software 1
OSV
added 2026/03/17 5:07 p.m., 1 view

GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Impact: This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: any deployment where the /api/content/aggregate/model endpoint is publicly accessible...

CVSS 7.7, AI score 6, EPSS 0.00013
Exploits 0, References 4
Snyk
added 2026/03/17 5:07 p.m., 1 view

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the toJsonExtractRaw function in the MongoLite Aggregation Optimizer. An attacker can extract unauthorized data from the underlying database by injecting arbitrary SQL through unsanitized field names in aggregation...

CVSS 7.7, AI score 6, EPSS 0.00013
Exploits 0, References 2
Github Security Blog
added 2026/03/17 5:07 p.m., 4 views

Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Impact: This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: any deployment where the /api/content/aggregate/model endpoint is publicly accessible...

CVSS 7.7, AI score 6, EPSS 0.00013
Exploits 0, References 4, Affected software 1
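The Cockpit CMS entries above (CVE-2026-31891, the Snyk entry, GHSA-7X5C-VFHJ-9628) all describe the same mechanism: a field name taken from an aggregation stage is spliced into a SQL expression instead of being validated, so a caller who only holds a read-only API key can change the query text. The block below is an added illustration of that pattern and is not Cockpit's or MongoLite's code. It builds a constructed in-memory SQLite database with a JSON-document table (the way a MongoLite-style layer stores collections), a hypothetical json_extract_raw_unsafe() that mirrors the unsafe splice, and a hardened variant that allowlists dotted field paths. The table names posts and api_keys, the sample documents, the INJECTED_FIELD string and all function names are made up for the example; the real endpoint, query shape and fix in Cockpit are not shown on this page. It needs a Python build whose SQLite has JSON support (built in since SQLite 3.38).

```python
import re
import sqlite3

# Constructed sample data (not Cockpit's schema): one JSON document per row,
# which is how a MongoLite-style collection lives in SQLite.
SAMPLE_POSTS = [
    ('{"title": "Public post", "published": true}',),
    ('{"title": "Draft post", "published": false}',),
]

# Hypothetical table a read-only API caller should never be able to read.
SAMPLE_API_KEYS = [("secret-admin-key", "admin")]

# Allowlist for field paths: dotted identifiers only, e.g. "author.name".
FIELD_PATH_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*")

# Hypothetical attacker-controlled field name. It closes the '$.…' path
# literal, appends a UNION over an unrelated table, and comments out the
# tail of the original statement.
INJECTED_FIELD = "title') FROM posts UNION SELECT key FROM api_keys --"


def make_db() -> sqlite3.Connection:
    """Create the constructed in-memory database used by the demo."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (document TEXT NOT NULL)")
    con.execute("CREATE TABLE api_keys (key TEXT NOT NULL, role TEXT NOT NULL)")
    con.executemany("INSERT INTO posts VALUES (?)", SAMPLE_POSTS)
    con.executemany("INSERT INTO api_keys VALUES (?, ?)", SAMPLE_API_KEYS)
    return con


def json_extract_raw_unsafe(field: str) -> str:
    """Vulnerable pattern (hypothetical): the caller-supplied field name is
    spliced verbatim into the json_extract() path, so it can break out of
    the string literal and rewrite the rest of the statement."""
    return f"json_extract(document, '$.{field}')"


def field_is_safe(field: str) -> bool:
    """True only for a plain dotted identifier path."""
    return FIELD_PATH_RE.fullmatch(field) is not None


def json_extract_raw_safe(field: str) -> str:
    """Hardened variant: a field name cannot be bound as a '?' parameter the
    way a value can, so it is validated structurally before it reaches SQL."""
    if not field_is_safe(field):
        raise ValueError(f"illegal field path: {field!r}")
    return f"json_extract(document, '$.{field}')"


def project(con: sqlite3.Connection, field: str, extractor) -> list:
    """Lower a one-field projection (think of a $project stage) to SQL and
    return the extracted values."""
    sql = f"SELECT {extractor(field)} FROM posts"
    return [row[0] for row in con.execute(sql)]


def run_demo() -> dict:
    """Benign query, injected query against the unsafe helper, and the same
    injected field against the hardened helper."""
    con = make_db()
    result = {
        "benign": project(con, "title", json_extract_raw_unsafe),
        "injected": project(con, INJECTED_FIELD, json_extract_raw_unsafe),
    }
    try:
        project(con, INJECTED_FIELD, json_extract_raw_safe)
        result["hardened_rejected"] = False
    except ValueError:
        result["hardened_rejected"] = True
    return result


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

With the unsafe helper the injected field turns `SELECT json_extract(document, '$.title') FROM posts` into a UNION that also returns every row of api_keys, which is exactly why the advisory's "valid read-only API key" precondition is no defence: the role limits which endpoint the caller may hit, not what the resulting SQL does. The hardened helper rejects the path before any SQL is built; a stricter option is to map incoming field names onto a fixed set of known schema fields rather than a regex. The advisory text on this page is truncated and does not state Cockpit's actual fix, so check the referenced GHSA for the patched release.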
OSV
added 2026/03/17 4:16 p.m., 2 views

UBUNTU-CVE-2026-4148

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

CVSS 8.8, AI score 5.8, EPSS 0.0007
Exploits 0, References 3
Cvelist
added 2026/03/17 3:53 p.m., 24 views

CVE-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

CVSS 8.8, EPSS 0.0007
Exploits 0, References 1
Positive Technologies
added 2026/03/17 12:00 a.m., 3 views

PT-2026-25937

Name of the vulnerable software and affected versions: MongoDB (affected versions not specified). Description: A specially crafted aggregation query utilizing the $lookup operator, submitted by an authenticated user possessing write privileges, can lead to a double-free or use-after-free memory issue...

CVSS 7.5, AI score 6, EPSS 0.00041
Exploits 1, References 8
Positive Technologies
added 2026/03/17 12:00 a.m., 6 views

PT-2026-25907

Name of the vulnerable software and affected versions: MongoDB Server (affected versions not specified). Description: A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

CVSS 8.8, AI score 5.8, EPSS 0.0007
Exploits 0, References 14