10 matches found
PT-2026-29263
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...
EUVD-2023-36286
Malicious code in bioql PyPI...
The vulnerability of the MongoDB database management system, related to access control errors, allows attackers to gain unauthorized access to protected information.
The vulnerability of the MongoDB database management system is related to access control errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
MongoDB -- Unauthorized access to underlying data
[email protected] reports: A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, Mongo...
CVE-2024-20483
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a Docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...
PT-2023-23562 · Ubiquiti +1 · Cloud Key Gen2 +4
Name of the Vulnerable Software and Affected Versions: UniFi OS version 3.1; Cloud Key Gen2 running UniFi OS 3.1; Cloud Key Gen2 Plus running UniFi OS 3.1. Description: The issue is related to a misconfiguration in UniFi OS 3.1 that affects consoles running UniFi Network, allowing users on a local...
Fortinet FortiPresence Authentication Error Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. Fortinet FortiPresence suffers from an authentication error vulnerability that stems from a lack of authentication for critical functions, which can be exploited by an attacker to gain access to Redis and MongoD...
CVE-2022-41331
A missing authentication for critical function vulnerability (CWE-306) in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
Exploit for Path Traversal in Igniterealtime Openfire
PoC exploit for CVE-2019-18393 and CVE-2019-18394, which are related to MongoDB and Redis vulnerabilities. The repository contains information on how to exploit these vulnerabilities, including a demonstration of how an attacker can gain unauthorized access to a MongoDB database and a Redis serve...