262 matches found

RedhatCVE
added 2025/05/23 7:41 a.m. · 7 views

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary JavaScript can be executed...

CVSS 3.5 · AI score 3.9 · EPSS 0.0128
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 5:52 a.m. · 3 views

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

CVSS 4.3 · AI score 6.7 · EPSS 0.00053
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:33 a.m. · 3 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function...

CVSS 9.8 · AI score 8.2 · EPSS 0.06257
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:35 p.m. · 4 views

CVE-2021-43106

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the...

CVSS 6.1 · AI score 7.1 · EPSS 0.00238
Exploits 1

VulnCheck KEV
added 2025/04/29 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2019-17050

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environme...

CVSS 7.2 · AI score 5.9 · EPSS 0.00558
Exploits 0 · References 1

Snyk
added 2025/04/14 6:31 p.m. · 1 views

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via a specific php artisan command at the /admin/compass endpoint. An attacker can execute arbitrary OS commands by injecting arguments into the command execution process. This is only exploitable if the...

CVSS 9.1 · AI score 8.1 · EPSS 0.00233
Exploits 0 · References 2

Tenable Nessus
added 2025/04/11 12:0 a.m. · 5 views

MongoDB Compass Installed (macOS)

Binary data macosmongodbcompassinstalled.nbin...

AI score 7.3
Exploits 0 · References 1

Tenable Nessus
added 2025/04/11 12:0 a.m. · 16 views

MongoDB Compass < 1.42.2 Code Injection (macOS)

The version of MongoDB Compass installed on the remote host is affected by a code injection vulnerability. MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. Note that Nessus ha...

CVSS 9.8 · AI score 5.8 · EPSS 0.0066
Exploits 0 · References 2

RedhatCVE
added 2025/03/01 4:22 p.m. · 10 views

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.8 · AI score 6.6 · EPSS 0.0005
Exploits 0 · References 3

OSV
added 2025/02/27 4:15 p.m. · 0 views

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 2

NVD
added 2025/02/27 4:15 p.m. · 10 views

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.8 · EPSS 0.0005
Exploits 0 · References 2

CVE
added 2025/02/27 3:24 p.m. · 52 views

CVE-2025-1755

MongoDB Compass (Windows) is affected by CVE-2025-1755: a local privilege escalation vulnerability when a crafted file is stored in C:\node_modules, affecting versions prior to 1.42.1. The condition described enables elevated-privilege actions on the user’s system. Several connected sources (incl...

CVSS 7.8 · AI score 7.5 · EPSS 0.0005
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/02/27 3:24 p.m. · 17 views

CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.5 · EPSS 0.0005
Exploits 0 · References 1

Vulnrichment
added 2025/02/27 3:24 p.m. · 13 views

CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.5 · AI score 7.6 · EPSS 0.0005
Exploits 0 · References 1

MongoDB
added 2025/02/27 1:8 p.m. · 18 views

MongoDB Compass may be susceptible to local privilege escalation in Windows

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1...

CVSS 7.8 · AI score 6.6 · EPSS 0.0005
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-8960 · Mongodb · Mongodb Compass

Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.1. Description: The issue may allow local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges. This can occur when a crafte...

CVSS 7.8 · AI score 7.1 · EPSS 0.0005
Exploits 0 · References 7

CNNVD
added 2025/02/27 12:0 a.m. · 0 views

MongoDB Compass Code Issue Vulnerability

MongoDB Compass is a free interactive tool from MongoDB, Inc. for querying, optimizing, and analyzing MongoDB data. A code issue vulnerability exists in MongoDB Compass versions prior to 1.42.1 that stems from local elevation of privilege...

CVSS 7.8 · AI score 6.5 · EPSS 0.0005
Exploits 0 · References 3

RedhatCVE
added 2025/02/05 10:8 p.m. · 9 views

CVE-2022-42447

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request...

CVSS 9.6 · AI score 6.8 · EPSS 0.00219
Exploits 0 · References 1

Github Security Blog
added 2025/01/30 3:31 p.m. · 13 views

DevDojo Voyager vulnerable to path traversal

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...

CVSS 5.7 · AI score 6.5 · EPSS 0.61418
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2025/01/30 12:0 a.m. · 2 views

Voyager Security Vulnerability

Voyager is an application by David Borland Personal Developer. A security vulnerability exists in Voyager version 1.8.0 and earlier, which stems from vulnerability to path traversal attacks via /admin/compass...

CVSS 5.7 · AI score 9 · EPSS 0.61418
Exploits 1 · References 3