40 matches found
EUVD-2025-5465
Malicious code in bioql PyPI...
EUVD-2025-5464
Malicious code in bioql PyPI...
EUVD-2025-5466
Malicious code in bioql PyPI...
MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)
The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...
MongoDB Shell < 2.3.0 Control Character Injection (MONGOSH-2028)
The version of MongoDB Shell installed on the remote host is prior to 2.3.0. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2028 advisory. - mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a...
MongoDB Shell Installed (Linux)
Binary data mongodbshelllinuxinstalled.nbin...
MongoDB Shell Installed (MacOSX)
Binary data mongodbshellmacosinstalled.nbin...
CVE-2025-1693
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
CVE-2025-1692
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
GHSA-43G5-2WR2-Q7VJ MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
GHSA-973H-3X6P-QG37 MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
GHSA-R95J-4JVF-MRRW MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...
CVE-2025-1756
CVE-2025-1756 reports a local privilege escalation in mongosh when a crafted file is stored under C:\node_modules, affecting mongosh versions prior to 2.3.0. The vulnerability is described consistently across sources (NVD, MONGODB advisories, OSV, Nessus/NASL) as local, with low privileges requir...
CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...