Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Input Validation vulnerability (CVE-2025-15284, CVE-2026-2391)
Summary There are vulnerabilities in qs-6.14.0.tgz, qs-6.14.1.tgz used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-15284, CVE-2026-2391. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...
CVE-2025-14847
MongoDB vulnerability CVE-2025-14847 (MongoBleed) arises from mismatched length fields in zlib decompression headers, allowing unauthenticated read of uninitialized heap memory. Affected versions include MongoDB Server 3.6.x and 4.x lines (various latest vulnerable builds), 5.0.x, 6.0.x, 7.0.x, 8...
EUVD-2013-4256
Malware in sbrugna...
EUVD-2022-53429
Malicious code in bioql PyPI...
CVE-2025-34227 Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...
Linux Distros Unpatched Vulnerability : CVE-2024-7553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This...
CVE-2022-32229
An information disclosure vulnerability exists in Rocket.Chat...
CVE-2024-20489
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...
CVE-2022-32229
An information disclosure vulnerability exists in Rocket.Chat v5 because /api/v1/chat.getThreadsList does not sanitize user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection...
Information disclosure
An information disclosure vulnerability exists in Rocket.Chat v5 because /api/v1/chat.getThreadsList does not sanitize user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection...
CVE-2022-32229
CVE-2022-32229 affects Rocket.Chat prior to 5.x, caused by lack of sanitization in the /api/v1/chat.getThreadsList endpoint. This MongoDB injection flaw can disclose private thread messages to unauthorized users, as demonstrated by the HackerOne report and multiple CVE references. The issue impac...
Rocket.Chat: API route chat.getThreadsList leaks private message content
Summary The /api/v1/chat.getThreadsList route does not sanitize user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection. Description The chat.getThreadsList API route is defined in app/api/server/v1/chat.jsL522-L572: javascript const rid, type, text =...
CVE-2013-4374
An insecure temporary file vulnerability exists in RHQ MongoDB Drift Server through 2013-09-25 when unpacking zipped files...
Design/Logic Flaw
An insecure temporary file vulnerability exists in RHQ MongoDB Drift Server through 2013-09-25 when unpacking zipped files...
CVE-2013-4374
CVE-2013-4374 describes an insecure temporary file storage vulnerability in the RHQ MongoDB Drift Server up to 2013-09-25, triggered when unpacking zipped files. The flaw causes unpacked files to land in a world-writable directory, which could permit local attackers to modify/tamper with files an...