51 matches found
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2026-27727)
Summary There are vulnerabilities in mchange-commons-java-0.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27727. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION: mchange-commons-java, a library that provides Java utilities,...
Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-1605)
Summary There are vulnerabilities in jetty-server-12.0.22.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-1605. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improperly Controlled Modification of Object Prototype Attributes (CVE-2025-13465)
Summary There are vulnerabilities in lodash-4.17.21.tgz, lodash-es-4.17.21.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-13465. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)
Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...
Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), URL Redirection to Untrusted Site ('Open Redirect'), and 3 more (CVE-2026-24880, CVE-2026-25854, and 3 more)
Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24880, CVE-2026-25854, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTIO...
Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CVE-2026-2332)
Summary There are vulnerabilities in jetty-http-12.0.22.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-2332. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)
Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14813, CVE-2026-5598. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CVE-2026-0636)
Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-0636. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-5588)
Summary There are vulnerabilities in bcpkix-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-5588. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-67030)
Summary There are vulnerabilities in plexus-utils-3.5.1.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-67030. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking (CVE-2026-22735)
Summary There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are...
Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)
Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...
Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-22740)
Summary There are vulnerabilities in spring-web-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22740. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests create...
Security Bulletin: MongoDB Enterprised Advanced affected by: Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2026-22751)
Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22751. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22751 DESCRIPTION: Vulnerability in Spring Spring Security. Applications that...
Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Critical Step in Authentication (CVE-2026-40542)
Summary There are vulnerabilities in httpclient5-5.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40542. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-40542 DESCRIPTION: Missing critical step in authentication in Apache HttpClient 5.6 allows an...
Security Bulletin: MongoDB Enterprised Advanced affected by: Observable Timing Discrepancy (CVE-2026-22746)
Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22746. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)
Summary There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Cache Containing Sensitive Information (CVE-2026-22741)
Summary There are vulnerabilities in spring-webmvc-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22741. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache...
Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling (CVE-2026-29181)
Summary There are vulnerabilities in go.opentelemetry.io/otel-v1.37.0, go.opentelemetry.io/otel-v1.38.0, go.opentelemetry.io/otel-v1.40.0 used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-29181. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-29181...
Security Bulletin: MongoDB Enterprised Advanced affected by: Exposure of Resource to Wrong Sphere and NULL Pointer Dereference (CVE-2026-34765, CVE-2026-34781)
Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34765, CVE-2026-34781. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34765 DESCRIPTION: Electron is a framework for writing...