1155 matches found

Nuclei
added 16 hours ago, 7 views

Mongoose < 8.8.3 - Remote Code Execution

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.

id: CVE-2024-53900
info:
  name: Mongoose 8.8.3 - Remote Code Execution
  author: h4mg
  severity: critical
  description: |
    Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
  impact...

CVSS 9.1, AI score 7.5, EPSS 0.52176
Exploits: 3, References: 5

Nuclei
added 16 hours ago, 6 views

Mongoose - NoSQL Injection

NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...

CVSS 9.8, AI score 7.8, EPSS 0.55322
Exploits: 3, References: 4

UbuntuCve
added 2 days ago, 2 views

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before...

CVSS 4.3, AI score 5.8, EPSS 0.00162
Exploits: 1, References: 3

RedhatCVE
added 2026/05/21 12:53 p.m., 5 views

CVE-2026-42334

A flaw was found in Mongoose, a MongoDB object modeling tool. A remote attacker could bypass the sanitizeFilter query sanitization mechanism by injecting malicious operators, such as $ne, $gt, or $regex, within a $nor clause. This vulnerability arises because the $nor operator was not properly...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2

OSV
added 2026/05/18 5:48 a.m., 3 views

BIT-MONGOOSE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2

NVD
added 2026/05/14 6:16 p.m., 6 views

CVE-2026-42334

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

CVSS 7.5, EPSS 0.00047
Exploits: 0, References: 1

Vulnrichment
added 2026/05/14 6:3 p.m., 3 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1

CVE
added 2026/05/14 6:3 p.m., 9 views

CVE-2026-42334

Technical details about CVE-2026-42334 are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/05/14 6:3 p.m., 30 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

CVSS 7.5, EPSS 0.00047
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/14 6:3 p.m., 3 views

CVE-2026-42334

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/05/14 12:0 a.m., 6 views

Mongoose Injection Vulnerability

Mongoose is an open-source MongoDB object modeling framework developed by Automattic. It is designed to work in asynchronous environments. Prior to versions 6.13.9, 7.8.9, 8.22.1, and 9.1.6, Mongoose had an injection vulnerability. This vulnerability stemmed from bypassing the sanitizeFilter quer...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/11 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-26530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after...

CVSS 9.1, AI score 5.8, EPSS 0.00334
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler...

CVSS 9.8, AI score 7.1, EPSS 0.00099
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-19307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS infinite loop, or possibly cause an out-of-boun...

CVSS 9.8, AI score 6, EPSS 0.02961
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-13503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. CVE-2019-13503 Note that Nessus relies on the presence of the package as reported ...

CVSS 7.5, AI score 5.9, EPSS 0.00334
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-2905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...

CVSS 8.8, AI score 6, EPSS 0.00224
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-34188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker ca...

CVSS 7.5, AI score 7.1, EPSS 0.00109
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-25887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. CVE-2020-25887 Note that Nessus relies on the presence of th...

CVSS 8.8, AI score 5.9, EPSS 0.00141
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-6985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component...

CVSS 7.5, AI score 5.7, EPSS 0.00161
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-5246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384...

CVSS 8.1, AI score 5.4, EPSS 0.00028
Exploits: 0, References: 2