CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

OSV•added 2026/05/14 8:50 a.m.•1 views

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References2

Tenable Nessus•added 2026/05/14 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-8201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshare...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References2

EUVD•added 2026/05/13 6:30 p.m.•3 views

EUVD-2026-29892

8.8CVSS5.8AI score0.0003EPSS

Exploits0References2

NVD•added 2026/05/13 4:17 a.m.•2 views

CVE-2026-8201

8.8CVSS0.0003EPSS

Exploits0References1

UbuntuCve•added 2026/05/13 4:17 a.m.•3 views

CVE-2026-8201

8.8CVSS5.8AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2026/05/13 12:12 a.m.•1 views

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

6.4CVSS5.8AI score0.0003EPSS

Exploits0References1

CVE•added 2026/05/13 12:12 a.m.•12 views

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB’s Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering the issue requires control over the structure of a client’s FLE-related query. Affected MongoDB Server components and ve...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/13 12:12 a.m.•31 views

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

6.4CVSS0.0003EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 12:12 a.m.•4 views

CVE-2026-8201

6.4CVSS5.8AI score0.0003EPSS

Exploits0References2Affected Software1

MongoDB•added 2026/05/13 12:12 a.m.•4 views

Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

8.8CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/05/13 12:0 a.m.•5 views

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a resource...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References1

Positive Technologies•added 2026/05/13 12:0 a.m.•2 views

PT-2026-40530

Name of the Vulnerable Software and Affected Versions mongocryptd versions prior to 7.0.34 mongocryptd versions prior to 8.0.23 mongocryptd versions prior to 8.2.9 mongocryptd versions prior to 8.3.2 Description A use-after-free issue exists in the Field-Level Encryption FLE query analysis...

8.8CVSS6AI score0.0003EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-0871

Malware in sbrugna...

6.8CVSS6.5AI score0.00125EPSS

Exploits0References6

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2021-20328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server's...

6.8CVSS6.7AI score0.00129EPSS

Exploits0References2

OSV•added 2022/05/24 10:28 p.m.•0 views

GHSA-RGHW-6PX2-FGWC Improper Certificate Validation in MongoDB

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS7.1AI score0.00129EPSS

Exploits0References2

Github Security Blog•added 2022/05/24 10:28 p.m.•22 views

Improper Certificate Validation in MongoDB

6.8CVSS2.1AI score0.00129EPSS

Exploits0References3Affected Software4

RedHat Linux•added 2021/12/02 4:17 p.m.•1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

6.8CVSS5.8AI score0.00129EPSS

Exploits0References4

RedHat Linux•added 2021/11/23 10:34 a.m.•1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

6.8CVSS5.8AI score0.00129EPSS

Exploits0References4

Github Security Blog•added 2021/04/12 6:51 p.m.•46 views

mongodb-client-encryption vulnerable to Improper Certificate Validation

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8CVSS6.2AI score0.00125EPSS

Exploits0References5Affected Software1

RedHat Linux•added 2021/03/16 11:57 a.m.•1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

6.8CVSS5.8AI score0.00129EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by