Lucene search
K

44 matches found

OSV
OSV
added 2026/05/19 8:53 a.m.4 views

BIT-MONGODB-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.13 views

CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29893

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:17 a.m.14 views

CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:16 a.m.7 views

CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 12:16 a.m.19 views

CVE-2026-8336

CVE-2026-8336 describes a post-authentication use-after-free in MongoDB Server related to $_internalJsEmit and mapreduce map function usage. According to the provided documents, when an authenticated user invokes these elements (with server-side JavaScript engine features such as $where, $functio...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 12:16 a.m.9 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 12:16 a.m.56 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 12:16 a.m.3 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.9AI score0.00255EPSS
Exploits0References3
MongoDB
MongoDB
added 2026/05/13 12:16 a.m.9 views

Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40531

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2 Description An authenticated user can cause a denial-of-service by crashing mongod...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0795

Malware in sbrugna...

6.5CVSS7.3AI score0.0221EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3881

Malicious code in bioql PyPI...

6.2CVSS6.4AI score0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24614

Malicious code in bioql PyPI...

9CVSS6.6AI score0.0033EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3516

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.04827EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/08/15 5:30 p.m.9 views

CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR versio...

9CVSS7.2AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 6:15 p.m.7 views

CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR versio...

9CVSS0.0033EPSS
Exploits0References3
CVE
CVE
added 2025/08/13 5:6 p.m.29 views

CVE-2025-8904

The CVE-2025-8904 issue involves Amazon EMR Secret Agent storing Kerberos credentials in a keytab file under /tmp, which could be accessed by other users and lead to privilege escalation. Affected software: Amazon EMR Secret Agent component. Root cause: keytab with Kerberos credentials is written...

9CVSS7.1AI score0.0033EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/13 5:6 p.m.13 views

CVE-2025-8904 Privilege escalation issue in Amazon EMR Secret Agent component

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR versio...

9CVSS0.0033EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/13 5:6 p.m.6 views

CVE-2025-8904 Privilege escalation issue in Amazon EMR Secret Agent component

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR versio...

9CVSS7.1AI score0.0033EPSS
Exploits0References3
Rows per page
Query Builder