Lucene search
K

31 matches found

OSV
OSV
added 2026/06/16 11:48 a.m.6 views

BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.22 views

MongoDB 8.3.x < 8.3.3 Information Disclosure

The version of MongoDB installed on the remote host is 8.3.x prior to 8.3.3. It is, therefore, affected by an information disclosure vulnerability: - MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metri...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35856

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.15 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.3AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 10:40 p.m.2 views

CVE-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.9AI score0.00119EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:40 p.m.106 views

CVE-2026-9735

CVE-2026-9735 concerns MongoDB server logging of SASL authentication parameters. The connected documents specify that when connection health metric logging is enabled, full authentication parameters (potentially including credentials) may be written to the server log without redaction. The NVD/NV...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48298

Name of the Vulnerable Software and Affected Versions MongoDB server affected versions not specified Description The server may log authentication parameters, including credentials, to the server log during SASL Simple Authentication and Security Layer authentication. This occurs when connection...

6.8CVSS5.2AI score0.00119EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:33 p.m.13 views

OESA-2026-2480 lwip security update

lwip is a small independent implementation of the TCP/IP protocol suite. Security Fixes: A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument...

10CVSS7.6AI score0.01016EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/18 7:16 p.m.8 views

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

10CVSS7.5AI score0.01016EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:45 p.m.10 views

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

10CVSS7.7AI score0.01016EPSS
Exploits1References7
OSV
OSV
added 2026/05/18 6:45 p.m.3 views

CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

9.3CVSS7.5AI score0.01016EPSS
Exploits1References8
NVD
NVD
added 2026/04/08 6:24 p.m.6 views

CVE-2025-52222

D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rden, rdauth, rdacct, httphadmin,...

7.5CVSS0.00326EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.13 views

CVE-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS6.5AI score0.01332EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2163

Malware in sbrugna...

6.8CVSS6.4AI score0.0095EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-4764

Malware in sbrugna...

6.8CVSS6.4AI score0.01082EPSS
Exploits1References7
OSV
OSV
added 2024/10/24 5:15 p.m.5 views

CVE-2024-10335

A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. T...

9.8CVSS6.8AI score0.00709EPSS
Exploits1References5
OSV
OSV
added 2024/03/07 9:15 p.m.6 views

CVE-2024-26492

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters...

6.3CVSS5.9AI score0.00581EPSS
Exploits1References2
OSV
OSV
added 2024/03/06 11:20 a.m.22 views

BIT-GITLAB-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS6.4AI score0.01332EPSS
Exploits0References4
Rows per page
Query Builder