47 matches found
CVE-2026-9748
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
EUVD-2026-35864
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
CVE-2026-9748
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
UBUNTU-CVE-2026-9748
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
CVE-2026-9748
The CVE-2026-9748 issue affects MongoDB’s mongod when the $_internalConvertBucketIndexStats stage is used before $facet. It treats PauseExecution as an internal TeeBuffer signal rather than a general skip, causing an invariant assertion and a crash when processing no timeseries input. The descrip...
$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input
The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...
PT-2026-48294
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A denial of service occurs when the $ internalConvertBucketIndexStats stage uses PauseExecution to signal that a document should be skipped following a failed index stats conversion...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the use of PauseExecution...
EUVD-2022-33410
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-099
This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...
Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...
Malicious code in facet-cli (npm)
The package facet-cli was found to contain malicious code...
MAL-2025-20146 Malicious code in facet-cli (npm)
The package facet-cli was found to contain malicious code...
CVE-2022-28979
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting XSS vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...
Malicious code in facet-mmleditor (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11358 Malicious code in facet-mmleditor (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @facetca/facet-ruler (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @facetca/facet-mmleditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3afa70fa6de6ec83d479072d976210414be16f6e5f35019f8aadd2e0c6c4ec91 The OpenSSF Package Analysis project identified '@facetca/facet-mmleditor' @ 3.0.3 npm as malicious. It is considered malicious because: - The...
CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...