ROS-20260526-73-0012

Vulnerability in mongodb-org related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

EUVD-2019-13990

Malware in sbrugna...

CVE-2025-34227 Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection

Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...

ROS-20250806-09

A vulnerability in the MongoDB database management system server is related to excessive iteration. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service MongoDB database management system vulnerability is related to the fact that the software stor...

MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure

Title: MongoDB MONGOSH Password Exposure Vulnerability Product: MongoDB database Tool: mongosh Affected Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Tested Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Risk Level: Low Author of Advisory: Emad Al-Mousa Vulnerability Details: Vulnerability in MongoDB database system...

PT-2021-2652 · Mongodb · Mongodb Database Tools

Name of the Vulnerable Software and Affected Versions: MongoDB Database Tools versions 3.6.6 through 3.6.20 MongoDB Database Tools versions prior to 3.6.21 MongoDB Database Tools versions prior to 4.0.21 MongoDB Database Tools versions prior to 4.2.11 MongoDB Database Tools 100 versions prior to...

Choice Hotels Breach Showcases Need for Shared Responsibility Model

Hospitality giant Choice Hotels fell victim to hackers this week, thanks to a MongoDB database that was left open to the internet containing 700,000 customer records. The situation highlights supply-chain data-security risk, given that the data was being held by a third-party vendor — and brings ...

PT-2019-17051 · Ibm +2 · Ibm Spectrum Protect Plus +2

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.3 Description: The issue concerns an escalation of user privileges that may occur during a redirected restore operation when protecting Oracle or MongoDB databases. Recommendations: For...

Almost Half A Million Delhi Citizens' Personal Data Exposed Online

Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens... thanks to another MongoDB database instance that company left unprotected on the Internet accessible to anyone without password. In a report...

Almost Half A Million Delhi Citizens' Personal Data Exposed Online

Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens... thanks to another MongoDB database instance that company left unprotected on the Internet accessible to anyone without password. In a report...

SUSE-SU-2015:0751-1 Security update for mongodb

The MongoDB database did validate BSON incorrectly, which could have lead to remote attackers being able to crash the database before authentication. CVE-2015-1609 Security Issues: CVE-2015-1609...