403 matches found
Security Bulletin: MongoDB Enterprised Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)
Summary There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Input Validation vulnerability (CVE-2025-15284, CVE-2026-2391)
Summary There are vulnerabilities in qs-6.14.0.tgz, qs-6.14.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-15284, CVE-2026-2391. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...
PT-2026-35924
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
Linux Distros Unpatched Vulnerability : CVE-2026-6691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +4735 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.13)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =0.0.1, =0.0.1, =0.25.7-rc.64, =0.25.7-rc.68 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...
JLSEC-2026-181
A mongocbulkoperationt may read invalid memory if large options are passed...
PT-2026-33173
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description An authorization bypass exists in the REST API of this open-source Node.js content management system. Unauthenticated attackers can extract all distinct field values for any schema field type...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the bsonvalidate function. An attacker can cause malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly by submitting specially crafted BSON data to...
ROS-20260401-73-0039
Vulnerability in mongo-c-driver related to buffer copying without checking input data size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Fedora: Security Advisory (FEDORA-2026-cc129df978)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-c5273647fa)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 42 Update: mongo-c-driver-1.30.7-2.fc42
mongo-c-driver is a client library written in C for MongoDB...
[SECURITY] Fedora 43 Update: mongo-c-driver-1.30.7-2.fc43
mongo-c-driver is a client library written in C for MongoDB...
[SECURITY] Fedora 44 Update: mongo-c-driver-1.30.7-2.fc44
mongo-c-driver is a client library written in C for MongoDB...
Fedora 42 : mongo-c-driver (2026-c5273647fa)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c5273647fa advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 43 : mongo-c-driver (2026-cc129df978)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cc129df978 advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 44 : mongo-c-driver (2026-508009213f)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-508009213f advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
websec-payloads
Web Security Payloads & Exploitation Reference Comprehensiv...
OESA-2026-1747 mongo-c-driver security update
mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A compromised third party cloud server or man-in-the-middle...