CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.1CVSS5.6AI score0.00716EPSS

UBUNTU-CVE-2026-5245

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts...

6.3CVSS5.2AI score0.00217EPSS

UBUNTU-CVE-2026-6986

A security vulnerability has been detected in Cesanta Mongoose up to 7...

OSV•added 2026/06/15 12:0 a.m.•2 views

UBUNTU-CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This af...

9.8CVSS5.2AI score0.00727EPSS

8.1CVSS5.7AI score0.00622EPSS

UBUNTU-CVE-2026-5246

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte...

7.5CVSS5.2AI score0.00565EPSS

UBUNTU-CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vu...

Snyk•added 2026/06/02 9:0 p.m.•7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score

UbuntuCve•added 2026/06/01 12:0 a.m.•8 views

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before...

4.3CVSS5.8AI score0.00241EPSS

Exploits1References3

RedhatCVE•added 2026/05/21 12:53 p.m.•8 views

CVE-2026-42334

A flaw was found in Mongoose, a MongoDB object modeling tool. A remote attacker could bypass the sanitizeFilter query sanitization mechanism by injecting malicious operators, such as $ne, $gt, or $regex, within a $nor clause. This vulnerability arises because the $nor operator was not properly...

OSV•added 2026/05/18 5:48 a.m.•4 views

BIT-MONGOOSE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...

NVD•added 2026/05/14 6:16 p.m.•9 views

CVE-2026-42334

7.5CVSS0.00274EPSS

ATTACKERKB•added 2026/05/14 6:3 p.m.•4 views

CVE-2026-42334

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/14 6:3 p.m.•6 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Cvelist•added 2026/05/14 6:3 p.m.•35 views

CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

7.5CVSS0.00274EPSS

CVE•added 2026/05/14 6:3 p.m.•16 views

CVE-2026-42334

Technical details about CVE-2026-42334 are not publicly available in the provided documents. Monitor for updates.

Exploits0References1Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•9 views

Mongoose 注入漏洞

Mongoose is an open-source MongoDB object modeling framework developed by Automattic. It is designed to work in asynchronous environments. Prior to versions 6.13.9, 7.8.9, 8.22.1, and 9.1.6, Mongoose had an injection vulnerability. This vulnerability stemmed from bypassing the sanitizeFilter quer...

Tenable Nessus•added 2026/05/11 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-5245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...

8.1CVSS5.8AI score0.00716EPSS

Exploits0References3

Tenable Nessus•added 2026/05/11 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2019-13503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mqparsehttp in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. CVE-2019-13503 Note that Nessus relies on the presence of the package as reported ...

7.5CVSS5.9AI score0.01382EPSS