18 matches found

RedhatCVE
added 2025/10/28 6:59 a.m., 4 views

CVE-2025-12100

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

CVSS 8.8 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/10 1:31 a.m., 3 views

CVE-2025-11535

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

CVSS 8.8 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 1

NVD
added 2025/10/08 10:15 p.m., 1 views

CVE-2025-11535

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

CVSS 8.8 | EPSS 0.0002
Exploits: 0 | References: 1

CVE
added 2025/10/08 10:7 p.m., 12 views

CVE-2025-11535

CVE-2025-11535 affects MongoDB Connector for BI (Windows MSI installs) and is caused by ACLs not being set on custom installation directories, enabling local privilege escalation. Affected versions: 2.0.0–2.14.24. Reported by multiple sources (Red Hat, NVD, CNNVD, etc.). Impact is described as hi...

CVSS 8.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/08 10:7 p.m., 1 views

CVE-2025-11535 MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

CVSS 8.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1

EUVD
added 2025/10/08 10:7 p.m., 1 views

EUVD-2025-33270

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

CVSS 8.8 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 2

MongoDB
added 2025/10/08 9:26 p.m., 7 views

MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

CVSS 8.8 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/08 12:0 a.m., 2 views

PT-2025-41315

Name of the Vulnerable Software and Affected Versions: MongoDB Connector for BI versions 2.0.0 through 2.14.24. Description: The installation of MongoDB Connector for BI via MSI on Windows may result in Privilege Escalation due to improperly configured Access Control Lists (ACLs) on custom installatio...

CVSS 8.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-0400

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.004
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-12363

Malware in sbrugna...

CVSS 9.8 | AI score 8.2 | EPSS 0.00207
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 3:17 p.m., 7 views

CVE-2020-1929

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust...

CVSS 7.5 | AI score 7 | EPSS 0.004
Exploits: 0

Veracode
added 2020/01/16 3:31 a.m., 16 views

Insecure TLS Configuration

Apache Beam MongoDB connector uses insecure TLS configurations. The option to disable SSL trust verification is not properly handled and causes the trust verification to be disabled in all cases. This allows a remote attacker to perform man-in-the-middle attacks against the server...

CVSS 7.5 | AI score 3 | EPSS 0.004
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2020/01/15 7:15 p.m., 10 views

CVE-2020-1929

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 1

CVE
added 2020/01/15 6:56 p.m., 88 views

CVE-2020-1929

The CVE-2020-1929 entry concerns the Apache Beam MongoDB connector. Affected versions 2.10.0–2.16.0 expose an option to disable SSL trust verification, but the configuration is not respected and disables trust verification in all cases. This exclusion is registered globally, affecting any code ru...

CVSS 7.5 | AI score 7.5 | EPSS 0.004
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/06/04 7:36 p.m., 14 views

GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

AI score 7.3
Exploits: 0 | References: 5

CNVD
added 2018/12/21 12:0 a.m., 2 views

IBM API Connect Privilege Acquisition Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in the MongoDB connector for the LoopBack framework in IBM API Connect...

CVSS 9.8 | AI score 6.5 | EPSS 0.00207
Exploits: 0 | References: 1

OSV
added 2018/12/20 2:29 p.m., 1 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 3

Node.js
added 2018/08/30 3:53 a.m., 16 views

NoSQL Injection

Overview: Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

AI score 7.1
Exploits: 0 | Affected Software: 1