CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/12 6:34 p.m.•10 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

2.1CVSS5.1AI score0.00281EPSS

CVE•added 2026/06/12 6:34 p.m.•13 views

CVE-2026-53724

CVE-2026-53724 – Parse Server Stored XSS (trailing-dot bypass) affects Parse Server prior to versions 8.6.79 and 9.9.1-alpha.4. A trailing dot on a filename bypasses the default file upload extension blocklist by making the extension parser yield an empty string, allowing the attacker-controlled ...

2.1CVSS5.2AI score0.00281EPSS

SUSE CVE•added 2026/05/22 2:21 a.m.•9 views

SUSE CVE-2026-9100

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

Tenable Nessus•added 2026/05/22 12:0 a.m.•17 views

Linux Distros Unpatched Vulnerability : CVE-2026-9100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection...

RedhatCVE•added 2026/05/21 8:29 a.m.•11 views

CVE-2026-9100

A flaw was found in the MongoDB C Driver's legacy GridFS API. This vulnerability allows an attacker to craft malicious documents in a GridFS collection. When an application reads these crafted files via the legacy API, it may either crash due to a division-by-zero error, leading to a Denial of...

6CVSS5.6AI score0.00281EPSS

Exploits0References2

Snyk•added 2026/05/20 5:48 p.m.•10 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...

NVD•added 2026/05/20 5:16 p.m.•15 views

Exploits0References2

CVE-2026-9100

6CVSS0.00281EPSS

UbuntuCve•added 2026/05/20 5:16 p.m.•12 views

CVE-2026-9100

OSV•added 2026/05/20 5:16 p.m.•4 views

Exploits0References2

UBUNTU-CVE-2026-9100

Vulnrichment•added 2026/05/20 3:55 p.m.•7 views

CVE-2026-9100 Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

Cvelist•added 2026/05/20 3:55 p.m.•35 views

CVE-2026-9100 Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

6CVSS0.00281EPSS

EUVD•added 2026/05/20 3:55 p.m.•7 views

EUVD-2026-31132

CVE•added 2026/05/20 3:55 p.m.•21 views

CVE-2026-9100

The CVE-2026-9100 entry affects the MongoDB C Driver’s legacy GridFS API. The issue arises when reading GridFS metadata with the legacy API, where malformed metadata from the database can trigger a crash (division-by-zero) or an out-of-bounds read that leaks process memory. Reports in connected r...

ATTACKERKB•added 2026/05/20 3:55 p.m.•8 views

CVE-2026-9100

Exploits0References2Affected Software1

Debian CVE•added 2026/05/20 3:55 p.m.•6 views

CVE-2026-9100

MongoDB•added 2026/05/20 3:55 p.m.•12 views

Exploits0

Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

Exploits0References1Affected Software1

CNNVD•added 2026/05/20 12:0 a.m.•7 views

MongoDB C Driver 安全漏洞

The MongoDB C Driver is an open-source client driver library for connecting to and operating MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the lack of proper validation of file metadata by the traditional GridFS API. This...