Lucene search
K

363 matches found

OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2693 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The bsonvalidate function may return early on specific inputs and...

8.6CVSS6.2AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:48 p.m.3 views

BIT-MONGODB-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.8AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.9 views

BIT-MONGODB-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.28 views

MongoDB 4.4.x < 4.4.31 / 5.0.x < 5.0.34 / 6.0.x < 6.0.29 / 7.0.x < 7.0.37 / 8.0.x < 8.0.26 / 8.2.x < 8.2.11 / 8.3.x < 8.3.4 Use-After-Free (CVE-2026-11933)

The version of MongoDB installed on the remote host is 4.4.x prior to 4.4.31, 5.0.x prior to 5.0.34, 6.0.x prior to 6.0.29, 7.0.x prior to 7.0.37, 8.0.x prior to 8.0.26, 8.2.x prior to 8.2.11, or 8.3.x prior to 8.3.4. It is, therefore, affected by a use-after-free vulnerability: - A use-after-fre...

8.8CVSS5.9AI score0.00384EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 2:16 a.m.17 views

CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00384EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 2:16 a.m.9 views

UBUNTU-CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.4AI score0.00384EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 1:57 a.m.14 views

EUVD-2026-36373

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 1:57 a.m.38 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00384EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:57 a.m.263 views

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 1:57 a.m.11 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.3AI score0.00384EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/12 1:57 a.m.18 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48817

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free memory corruption flaw exists in the server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who...

8.8CVSS5.8AI score0.00384EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.24 views

MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document...

8.7CVSS5.7AI score0.00345EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-9740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The...

8.7CVSS5.5AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.21 views

CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS0.00345EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.5 views

UBUNTU-CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:43 p.m.49 views

CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:43 p.m.130 views

CVE-2026-9740

Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...

8.7CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the BSON...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6811

A flaw was found in the MongoDB PHP driver. This stack exhaustion vulnerability can lead to application crashes when the driver processes deeply nested BSON Binary JSON documents. This can occur in unusual circumstances when the BSON documents originate from a source other than a MongoDB server,...

6CVSS5.5AI score0.00311EPSS
Exploits0References2
Rows per page
Query Builder