Lucene search
K

3438 matches found

CVE
CVE
added 2026/06/09 10:5 p.m.86 views

CVE-2026-9747

The vulnerability CVE-2026-9747 affects MongoDB Server’s cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 10:5 p.m.12 views

Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 9:59 p.m.29 views

CVE-2026-9743

MongoDB Server 8.0 is affected by a vulnerability where an aggregation stage can leave its _subPipeline field null during processing. If a getMore is issued on the same cursor, the server may dereference the null sub-pipeline when reattaching to the operation context, leading to an invalid addres...

7.1CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 9:59 p.m.40 views

CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:59 p.m.9 views

CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.5AI score0.00307EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 9:59 p.m.8 views

Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48300

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An authenticated user can cause a server crash or the return of incorrect results by creating documents that interfere with internal metadata processing during query execution. This issue is...

7.1CVSS5.5AI score0.00368EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48298

Name of the Vulnerable Software and Affected Versions MongoDB server affected versions not specified Description The server may log authentication parameters, including credentials, to the server log during SASL Simple Authentication and Security Layer authentication. This occurs when connection...

6.8CVSS5.2AI score0.00119EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...

8.1CVSS5.4AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48319

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

8.1CVSS6.3AI score0.00328EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from insufficie...

7.1CVSS5.3AI score0.00368EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...

7.1CVSS5.3AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB Corporation in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which arises...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the use of PauseExecution...

7.1CVSS5.3AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...

7.1CVSS5.3AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48291

Name of the Vulnerable Software and Affected Versions MongoDB Server version 8.0 Description An aggregation stage can leave its subPipeline field null during the processing of specific pipelines. If a getMore command is subsequently issued on the same cursor, the server may dereference this null...

7.1CVSS5.2AI score0.00307EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a code vulnerability in MongoDB Server, which stems from the 2dsphere...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...

7.1CVSS5.3AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Version 8.0 of MongoDB Server contains a code vulnerability. This vulnerability...

7.1CVSS5.3AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder