Linux Distros Unpatched Vulnerability : CVE-2018-25004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affect...
Bridging the Security Knowledge Gap: Introducing AI ExplAIn for Imperva Cloud WAF
The challenge of maintaining robust web application security often comes down to communication. Security teams frequently spend countless hours explaining WAF blocking decisions to application developers who may lack security expertise. This communication gap not only creates friction between tea...
The vulnerability of the explain function in the MongoDB database management system allows a hacker to cause a service failure.
The vulnerability of the explain function in the MongoDB database management system is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2023-22626
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
FreeBSD : MongoDB -- crash due to improper validation of explain command (350b3389-107f-11f0-8195-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 350b3389-107f-11f0-8195-b42e991fc52e advisory. [email protected] reports: When run on commands with certain arguments set, explain may fail to validate...
CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...
CVE-2025-3084
CVE-2025-3084 affects MongoDB Server: 5.0 before 5.0.31, 6.0 before 6.0.20, 7.0 before 7.0.16, and 8.0 before 8.0.4. The root cause is improper validation of parameters for the explain command, which may be used to crash router servers. Impact is denial of service / crash (availability impact). R...
MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...
PT-2025-14096
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 5.0 prior to 5.0.31; MongoDB Server versions 6.0 prior to 6.0.20; MongoDB Server versions 7.0 prior to 7.0.16; MongoDB Server versions 8.0 prior to 8.0.4. Description: The issue arises when the explain command is run with...
MongoDB -- crash due to improper validation of explain command
[email protected] reports: When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to...
MongoDB Server Security Vulnerability
MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A denial of service vulnerability exists in MongoDB Server. The vulnerability...
PingCAP TiDB Security Vulnerability
PingCAP TiDB is an open source, cloud-native, distributed, MySQL-compatible database for elastic scaling and real-time analytics from China-based PingCAP. A security vulnerability exists in PingCAP TiDB version v8.1.0, which stems from a buffer overflow issue contained in the...
BIT-PARSE-2021-39187 Crash server with query parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...
BIT-DJANGO-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
CVE-2023-30555
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
SQL injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
CVE-2023-30555 SQL injection in sql_optimize.py explain method in Archery - GHSL-2022-108
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the explain method in sql_optimize.py. User input coming from the db_name...
CVE-2023-30555
CVE-2023-30555 concerns Archery, an open-source SQL audit platform, with multiple SQL injection vulnerabilities in the explain endpoint. The root cause is that user input from the db_name parameter is passed to database engine queries (query methods in sql/engines/mssql.py and sql/engines/oracle....
PT-2023-22782 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery, affected versions not specified. Description: The Archery project contains multiple SQL injection vulnerabilities, allowing an attacker to query connected databases. The issue arises from the explain method in sql_optimize.py, where us...