CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 hours ago•5 views

EUVD-2026-36373

MongoDB•added 4 hours ago•8 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

Exploits0References1Affected Software1

CVE•added 4 hours ago•7 views

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

Cvelist•added 4 hours ago•8 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

8.8CVSS

Positive Technologies•added 6 hours ago•6 views

PT-2026-48817

OSV•added 2026/05/19 8:53 a.m.•1 views

BIT-MONGODB-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

RedhatCVE•added 2026/05/15 7:57 p.m.•3 views

CVE-2026-8336

Tenable Nessus•added 2026/05/14 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-8336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command's map function in a certain way, an authenticated user can...

EUVD•added 2026/05/13 6:30 p.m.•8 views

EUVD-2026-29893

NVD•added 2026/05/13 4:17 a.m.•6 views

CVE-2026-8336

7.7CVSS0.00082EPSS

ATTACKERKB•added 2026/05/13 12:16 a.m.•3 views

CVE-2026-8336

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 12:16 a.m.•3 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

CVE•added 2026/05/13 12:16 a.m.•9 views

CVE-2026-8336

CVE-2026-8336 describes a post-authentication use-after-free in MongoDB Server related to $_internalJsEmit and mapreduce map function usage. According to the provided documents, when an authenticated user invokes these elements (with server-side JavaScript engine features such as $where, $functio...

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/13 12:0 a.m.•11 views

PT-2026-40531

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2 Description An authenticated user can cause a denial-of-service by crashing mongod...

CNNVD•added 2026/05/13 12:0 a.m.•7 views

Exploits0References4

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a...