
8 matches found

RedhatCVE
added 2026/06/11 2:59 a.m., 8 views

CVE-2026-9753

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

CVSS 8.1, AI score 5.6, EPSS 0.00298
Exploits 0, References 1

RedhatCVE
added 2026/06/11 2:59 a.m., 9 views

CVE-2026-9743

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

CVSS 7.1, AI score 5.5, EPSS 0.00307
Exploits 0, References 1

NVD
added 2026/06/09 11:17 p.m., 11 views

CVE-2026-9753

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

CVSS 8.1, EPSS 0.00298
Exploits 0, References 1

MongoDB
added 2026/06/09 9:56 p.m., 8 views

Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

CVSS 7.1, AI score 5.4, EPSS 0.00103
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-48291

Name of the Vulnerable Software and Affected Versions: MongoDB Server version 8.0 Description: An aggregation stage can leave its subPipeline field null during the processing of specific pipelines. If a getMore command is subsequently issued on the same cursor, the server may dereference this null...

CVSS 7.1, AI score 5.2, EPSS 0.00307
Exploits 0, References 4

Tenable Nessus
added 2025/10/05 12:0 a.m., 4 views

FreeBSD : mongodb -- MongoDB Server access to non-initialized memory (a9dc3c61-a20f-11f0-91d8-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a9dc3c61-a20f-11f0-91d8-b42e991fc52e advisory. [email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpect...

CVSS 9.8, AI score 5.5, EPSS 0.00373
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-49327

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00373
Exploits 0, References 3

Positive Technologies
added 2024/09/10 12:0 a.m., 4 views

PT-2024-39153

Name of the Vulnerable Software and Affected Versions: MongoDB Server version 6.0.3 Description: The issue is related to MongoDB Server accessing a non-initialized region of memory, leading to unexpected behavior when zero arguments are called in an internal aggregation stage. Recommendations: Fo...

CVSS 9.8, AI score 8.6, EPSS 0.00373
Exploits 0, References 20