MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 / 9.0.0-rc0 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable...

Linux Distros Unpatched Vulnerability : CVE-2026-9741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in...

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

UBUNTU-CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

CVE-2026-9741

CVE-2026-9741 affects the MongoDB client-side encryption/QueryAble Encryption workflow, specifically the $vectorSearch aggregation stage. The root cause is in query analysis processing for QE or CSFLE, where literal values for encrypted fields used in the $vectorSearch stage filter expressions ar...

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVE-2026-32318

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

On Implementing Hybrid Post-Quantum End-To-End Encryption

The emergence of quantum computing poses a fundamental threat to current public key cryptographic systems. This threat is necessitating a transition to quantum resistant cryptographic alternatives in all the applications. In this work, we present the implementation of a practical hybrid end-to-en...

EUVD-2025-203939

Amazon S3 Encryption Client for .NET has a Key Commitment Issue...

CVE-2025-14761

The CVE-2025-14761 issue affects the AWS SDK for PHP S3 Encryption Client. When the encrypted data key (EDK) is stored in an Instruction File rather than S3 metadata, a lack of key commitment can allow a rogue EDK to decrypt the same ciphertext to different plaintext. Affected behavior is describ...

EUVD-2025-203941

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

EUVD-2002-2281

Malware in sbrugna...

EUVD-2022-5169

Malicious code in bioql PyPI...

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

CVE-2025-46329

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...