17 matches found
CLEANSTART-2026-WA48911: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users
Multiple security vulnerabilities affect the percona-server-mongodb-operator package. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. See...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: opentofu, gitlab-runner, k6, trufflehog, harbor, rancher-agent, spqr, xeol, openbao, rancher-webhook, kyverno, teleport, ratify, zot, external-secrets-operator, rancher, telegraf, terraform, rclone, cert-manager-istio-csr, percona-server-mongodb-operator, gitea, dex,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: opentofu, gitlab-runner, k6, trufflehog, harbor, rancher-agent, spqr, xeol, openbao, rancher-webhook, kyverno, teleport, ratify, zot, external-secrets-operator, rancher, telegraf, terraform, rclone, cert-manager-istio-csr, percona-server-mongodb-operator, gitea, dex,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: ldap2pg, kyverno, sftpgo-plugin-auth, versitygw, cert-manager-istio-csr, rancher-agent, terraform-fips, teleport, cloudbeat-fips, elastic-agent, dex-fips, external-secrets-operator, packer-fips, openbao-fips, syncthing, xeol, neuvector-fips, cert-manager-cmctl,...
CVE-2026-40351
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL...
CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL...
EUVD-2026-23557
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: docker-cli-buildx-fips, k8ssandra-client, jitsucom-bulker, cert-manager-istio-csr, rancher-agent, velero, gpu-operator-fips, redis-operator-fips, teleport, eck-operator, cloudbeat-fips, kiali, velero-fips, headlamp, argo-cd-fips, eksctl, hubble-fips, hubble,...
PT-2026-33519
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: step-issuer, percona-server-mongodb-operator-fips, opentelemetry-operator-fips, cert-manager-webhook-pdns-fips, cert-manager-istio-csr, gitlab-operator, aws-privateca-issuer-fips, cert-manager-csi-driver, aws-privateca-issuer, cert-manager-openshift-routes,...
CVE-2026-25518 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, percona-server-mongodb-operator, opentelemetry-operator, cert-manager-webhook-pdns, cert-manager-cmctl, step-issuer, mariadb-operator, aws-privateca-issuer, cert-manager-csi-driver...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, percona-server-mongodb-operator, opentelemetry-operator, cert-manager-webhook-pdns, cert-manager-cmctl, step-issuer, mariadb-operator, aws-privateca-issuer, cert-manager-csi-driver...
GHSA-GX3X-VQ4P-MHHV vulnerabilities
Vulnerabilities for packages: step-issuer, percona-server-mongodb-operator-fips, opentelemetry-operator-fips, cert-manager-webhook-pdns-fips, cert-manager-istio-csr, gitlab-operator, aws-privateca-issuer-fips, cert-manager-csi-driver, aws-privateca-issuer, cert-manager-openshift-routes,...
EUVD-2020-23328
Malware in sbrugna...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedosbase.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id$ne=1 value...
SQL injection
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedosbase.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id$ne=1 value...
PT-2020-19848 · MongoDB · MongoDB Enterprise Kubernetes Operator
Name of the Vulnerable Software and Affected Versions: MongoDB Enterprise Kubernetes Operator versions 1.0 through 1.1; MongoDB Enterprise Kubernetes Operator version 1.2 through 1.2.3; MongoDB Enterprise Kubernetes Operator version 1.3 through 1.3.0; MongoDB Enterprise Kubernetes Operator version 1...