5452 matches found
CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
UBUNTU-CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843 Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843 Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
CVE-2026-8843
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936. Patch Instructions: To install this SUSE update use th...
SUSE-SU-2026:1938-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...
SUSE-SU-2026:1935-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...
PT-2026-41684
Creating a "2dsphere bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable encrypted range" indices. This issue affects MongoDB...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There were security vulnerabilities in MongoDB Server versions prior to 7.0...
Insufficiently Protected Credentials
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Insufficiently Protected Credentials with the credentialName filter parameter, over the credentials API endpoint. An attacker can access encryptedData, containing encrypted credential data such as API keys,...
FlowiseAI Vulnerable to Credential Data Leak
Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...
GHSA-7G73-99R4-M4MJ FlowiseAI Vulnerable to Credential Data Leak
Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...
BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
SUSE-SU-2026:21659-1 Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...
PT-2026-41208
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description An issue exists where the encryptedData field is not stripped from the response when credentials are fetched using a credentialName filter parameter. While the system correctly omits this field when ...
github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...