Lucene search
K

472 matches found

OSV
OSV
added 2026/05/08 8:50 a.m.6 views

BIT-MONGODB-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.21 views

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 6:16 a.m.15 views

CVE-2026-8063

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 4:12 a.m.22 views

CVE-2026-8063

CVE-2026-8063 affects MongoDB Server 8.2

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/07 4:12 a.m.21 views

EUVD-2026-28326

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

FreeBSD : MongoDB Server -- Multiple vulnerabilities (67e31a04-49fa-11f1-9b23-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 67e31a04-49fa-11f1-9b23-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-119981 reports: Tenable has extracted the preceding...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 4:47 p.m.20 views

CVE-2026-6914

CVE-2026-6914 : The vulnerability arises from computing the MD5 checksum of a malformed BSON object, potentially causing loss of availability on MongoDB Server. Affected are all MongoDB Server v8.2, all v8.1, v8.0 prior to 8.0.21, and v7.0 prior to 7.0.32. The provided documents do not specify ex...

7.5CVSS5.2AI score0.00255EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from an...

6.3CVSS5.8AI score0.00167EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

MongoDB Server 数字错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a numerical error vulnerability in MongoDB Server, where the MD5 checks...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 3:10 p.m.5 views

JLSEC-2026-180

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB...

7.8CVSS5.9AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.9 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.14 views

PT-2026-25907

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References14
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 6:2 a.m.13 views

Security Bulletin: Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Zlib which use by MongoDB server. Vulnerability include mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client as described by t...

8.7CVSS5.9AI score0.83007EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 9:9 p.m.8 views

Security Bulletin: Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server affecting MongoDB Enterprised Advanced (CVE-2024-10921)

Summary There is a vulnerability in MongoDB Server used in MongoDB Enterprised Advanced for IBM, involving improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-10921 DESCRIPTION: An...

8.1CVSS5.7AI score0.00537EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.6 views

FreeBSD : MongoDB Server -- Multiple vulnerabilities (77e32b14-0800-11f1-8a6f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 77e32b14-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.10 views

FreeBSD : MongoDB Server -- CWE-704 Incorrect Type Conversion or Cast (7f9bac32-0800-11f1-8a6f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7f9bac32-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-113685 reports: An authorized user may disable the MongoDB serve...

7.1CVSS5.5AI score0.0024EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-1849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive function...

7.5CVSS6AI score0.00272EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.5 views

CVE-2026-25611

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...

8.7CVSS5.4AI score0.00782EPSS
Exploits0References1
Rows per page
Query Builder