12 matches found

Positive Technologies
added 2026/06/09 12:00 a.m., 13 views

PT-2026-48293

Name of the Vulnerable Software and Affected Versions: MongoDB Server (affected versions not specified)
Description: An issue exists where the use of fromRouter:true and runtimeConstants.userRoles can cause aggregations to crash the MongoDB server.
Recommendations: At the moment, there is no informati...

CVSS 7.1, AI score 5.2, EPSS 0.0027
Exploits: 0, References: 5
RedhatCVE
added 2026/02/11 7:44 p.m., 5 views

CVE-2026-25611

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...

CVSS 8.7, AI score 5.4, EPSS 0.00782
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/10 5:52 p.m., 6 views

CVE-2026-25611

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...

CVSS 8.7, AI score 5.4, EPSS 0.00782
Exploits: 0, References: 4, Affected Software: 1
FreeBSD
added 2026/02/10 12:00 a.m., 5 views

MongoDB Server -- CWE-617 Reachable Assertion

https://jira.mongodb.org/browse/SERVER-99119 reports: An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...

CVSS 7.1, AI score 5.5, EPSS 0.0024
Exploits: 0, References: 1
OSV
added 2025/09/19 9:58 a.m., 3 views

BIT-MONGODB-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS 6.5, AI score 6.7, EPSS 0.00289
Exploits: 0, References: 2
Vulnrichment
added 2025/09/05 8:48 p.m., 2 views

CVE-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS 6.5, AI score 6.2, EPSS 0.00289
Exploits: 0, References: 1
FreeBSD
added 2025/09/05 12:00 a.m., 8 views

mongodb -- Malformed $group Query May Cause MongoDB Server to Crash

[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...

CVSS 6.5, AI score 6.7, EPSS 0.00289
Exploits: 0, References: 1
NVD
added 2025/06/26 2:15 p.m., 7 views

CVE-2025-6706

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

CVSS 8.8, EPSS 0.00214
Exploits: 0, References: 1
CVE
added 2025/06/26 2:00 p.m., 45 views

CVE-2025-6706

CVE-2025-6706 affects MongoDB Server when the SBE engine is enabled. An authenticated user can trigger a use-after-free via a specific aggregation pipeline pattern, potentially crashing the server and causing other unexpected behavior without needing shutdown privileges. Affected versions are Mon...

CVSS 8.8, AI score 7, EPSS 0.00214
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/06/26 2:00 p.m., 2 views

CVE-2025-6706 Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

CVSS 5, AI score 7, EPSS 0.00214
Exploits: 0, References: 1
Cvelist
added 2025/04/01 11:14 a.m., 38 views

CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...

CVSS 6.5, EPSS 0.00387
Exploits: 0, References: 1
CVE
added 2025/04/01 11:14 a.m., 81 views

CVE-2025-3084

CVE-2025-3084 affects MongoDB Server: 5.0 before 5.0.31, 6.0 before 6.0.20, 7.0 before 7.0.16, and 8.0 before 8.0.4. The root cause is improper validation of parameters for the explain command, which may be used to crash router servers. Impact is denial of service / crash (availability impact). R...

CVSS 6.5, AI score 7.2, EPSS 0.00387
Exploits: 0, References: 1, Affected Software: 1