Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/14 6:3 p.m.41 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

7.5CVSS0.00274EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/05 9:48 p.m.9 views

@albertoielpo/kk-cli (>=1.1.0 <=1.1.2), @cyberskill/shared (>=2.20.0 <=2.27.0) +12 more potentially affected by CVE-2026-42334 via mongoose (>=9.0.0 <=9.1.5)

mongoose NPM version =9.0.0, =1.1.0, =2.20.0, =11.0.36, =11.7.0, =0.261.0, =0.98.0, =1.1.1, =9.0.0, =2.0.0, =1.0.2, =18.16.6, =18.17.2 Source cves: CVE-2026-42334 Source advisory: SNYK:JS-MONGOOSE-16425765...

7.5CVSS5.7AI score0.00274EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:48 p.m.8 views

01runmodel (>=1.0.3 <=1.0.4), 1405-authtokens (>=1.0.1 <=1.0.5) +9303 more potentially affected by CVE-2026-42334 via mongoose (>=1.0.0 <=6.13.8)

mongoose NPM version =1.0.0, =1.0.3, =1.0.1, =1.0.0, =1.0.0, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42334 Source advisory: OSV:GHSA-WPG9-53FQ-2R8H...

7.5CVSS5.7AI score0.00274EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:48 p.m.7 views

@a-la-fois/api (>=0.0.25 <=0.0.39), @a-la-fois/doc-client (>=0.0.1 <=0.0.39) +116 more potentially affected by CVE-2026-42334 via mongoose (>=7.0.0 <=7.8.8)

mongoose NPM version =7.0.0, =0.0.25, =0.0.1, =0.0.25, =0.0.1, =0.0.25, =3.12.0, =1.0.0, =1.0.6, =0.2.0, =0.2.0, =0.0.0, =1.0.2, =1.0.0, =7.6.10, =7.8.6 and more Source cves: CVE-2026-42334 Source advisory: SNYK:JS-MONGOOSE-16425765...

7.5CVSS5.7AI score0.00274EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/05 9:48 p.m.8 views

@3kles/3kles-coremongodb (>=1.2.3 <=1.3.1), @3kles/storagebox-common (=1.0.3) +213 more potentially affected by CVE-2026-42334 via mongoose (>=6.0.1 <=6.13.8)

mongoose NPM version =6.0.1, =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.5, =1.12.3, =0.5.0, =0.6.1 - @bonio-tw/casbin-mongoose-adapter =1.0.13-rc2 - @brontosaurus/db =3.24.0 - @brontosaurus/init =1.0.0 and more Source cves: CVE-2026-42334 Source advisory: SNYK:JS-MONGOOSE-16425765...

7.5CVSS5.8AI score0.00274EPSS
Exploits0
Rows per page
Query Builder