15 matches found
CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...
CVE-2026-54313
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation (CVE-2026-54313). Affected software: n8n open-source workflow automation platform. Vulnerable component: MongoDB node’s Find And Replace operation prior to version 2.24.0. Root cause: An authenticated user with workflow edit access c...
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...
db-security-ctf
Database Security – CTF Vulnerability Lab SEC304 / CN5134...
FastGPT 安全漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the password-changing endpoint, which was vulnerable to NoSQL injection...
EUVD-2018-0407
Malware in sbrugna...
PT-2022-21163 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rockert.Chat versions prior to 5 Description: A information disclosure issue exists due to the lack of sanitization of user inputs in the /api/v1/chat.getThreadsList endpoint, which can leak private thread messages to unauthorized users via...
Rocket.Chat 安全漏洞
Rocket.Chat is an open source team chat software. Chat 5.0 before the version of the information leakage vulnerability, the vulnerability stems from /api/v1/chat.getThreadsList lack of user input cleanup, an attacker can exploit the vulnerability through the Mongo DB injection will be private...
Rocket.Chat: Message ID Enumeration with Action Link Handler
Summary The actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Releases Affected: The Meteor method actionLinkHandler calls an actionLinks wrapper getMessage to find affected messages: javascript Meteor.methods actionLinkHandlername, messageId if...
GitHub Security Lab: Java : add MongoDB injection sinks
This bug was reported directly to GitHub Security Lab...
CVE-2018-3783
A privilege escalation detected in flintcms versions = 1.1.9 allows account takeover due to blind MongoDB injection in password reset...
CVE-2018-3783
A privilege escalation detected in flintcms versions = 1.1.9 allows account takeover due to blind MongoDB injection in password reset...
Design/Logic Flaw
A privilege escalation detected in flintcms versions = 1.1.9 allows account takeover due to blind MongoDB injection in password reset...
CVE-2018-3783
A privilege escalation detected in flintcms versions = 1.1.9 allows account takeover due to blind MongoDB injection in password reset...
CVE-2018-3783
CVE-2018-3783 applies to FlintCMS. Several advisories confirm a privilege escalation vulnerability in FlintCMS versions