Lucene search
K

3436 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:13 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), URL Redirection to Untrusted Site ('Open Redirect'), and 3 more (CVE-2026-24880, CVE-2026-25854, and 3 more)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24880, CVE-2026-25854, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTIO...

9.1CVSS5.8AI score0.03494EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:11 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CVE-2026-2332)

Summary There are vulnerabilities in jetty-http-12.0.22.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-2332. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling...

9.1CVSS5.3AI score0.01127EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:10 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)

Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14813, CVE-2026-5598. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/16 11:48 a.m.3 views

BIT-MONGODB-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.4 views

BIT-MONGODB-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.4AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.7 views

BIT-MONGODB-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.26 views

MongoDB 4.4.x < 4.4.31 / 5.0.x < 5.0.34 / 6.0.x < 6.0.29 / 7.0.x < 7.0.37 / 8.0.x < 8.0.26 / 8.2.x < 8.2.11 / 8.3.x < 8.3.4 Use-After-Free (CVE-2026-11933)

The version of MongoDB installed on the remote host is 4.4.x prior to 4.4.31, 5.0.x prior to 5.0.34, 6.0.x prior to 6.0.29, 7.0.x prior to 7.0.37, 8.0.x prior to 8.0.26, 8.2.x prior to 8.2.11, or 8.3.x prior to 8.3.4. It is, therefore, affected by a use-after-free vulnerability: - A use-after-fre...

8.8CVSS5.9AI score0.00384EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:20 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CVE-2026-0636)

Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-0636. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP...

6.9CVSS4.8AI score0.00527EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:18 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-5588)

Summary There are vulnerabilities in bcpkix-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-5588. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion...

7.5CVSS7.1AI score0.00392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:16 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-67030)

Summary There are vulnerabilities in plexus-utils-3.5.1.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-67030. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of...

8.8CVSS5.9AI score0.00663EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:14 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking (CVE-2026-22735)

Summary There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are...

2.6CVSS4.9AI score0.00112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:13 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)

Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...

8.2CVSS7.6AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:42 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-22740)

Summary There are vulnerabilities in spring-web-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22740. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests create...

6.5CVSS5.3AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2026-22751)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22751. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22751 DESCRIPTION: Vulnerability in Spring Spring Security. Applications that...

4.8CVSS5.2AI score0.00124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Critical Step in Authentication (CVE-2026-40542)

Summary There are vulnerabilities in httpclient5-5.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40542. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-40542 DESCRIPTION: Missing critical step in authentication in Apache HttpClient 5.6 allows an...

7.3CVSS5.2AI score0.00456EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Observable Timing Discrepancy (CVE-2026-22746)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22746. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is...

3.7CVSS5.2AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)

Summary There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...

8.2CVSS5.6AI score0.00312EPSS
Exploits0Affected Software1
Rows per page
Query Builder