CVE-2026-42334
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
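The following is an added illustration, not Mongoose's own code and not taken from the advisory, of the shape such a bypass takes. A toy sanitizer in the spirit of sanitizeFilter wraps any operator-bearing value in $eq so that user input such as { $ne: null } becomes a literal comparison, and it descends into $and and $or clauses to do the same there; if it does not also descend into $nor, an operator nested under $nor survives untouched, while the same sanitizer with $nor added to its logical-operator set closes the hole. Which operators the real implementation recursed into is an assumption here; the page only states that $nor bypasses the check. The makeSanitizer and containsLiveOperator names and the attacker filter are constructed for this example.

```javascript
// Added example, not Mongoose's code. A sanitizeFilter-style sanitizer built
// twice: once with a gap in its recursion over logical operators (assumption:
// it knows $and and $or but not $nor) and once with that gap closed.

// True when a value is a plain object carrying at least one key starting with '$'
const hasDollarKey = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v) &&
  Object.keys(v).some((k) => k.startsWith('$'));

// Build a sanitizer that descends into the given logical operators and wraps
// any other operator-bearing value in $eq, turning it into a literal match.
function makeSanitizer(logicalOps) {
  const sanitize = (filter) => {
    if (filter === null || typeof filter !== 'object') return filter;
    if (Array.isArray(filter)) return filter.map(sanitize);
    const out = {};
    for (const [key, value] of Object.entries(filter)) {
      if (logicalOps.has(key)) {
        out[key] = sanitize(value);       // recurse into each clause
      } else if (hasDollarKey(value)) {
        out[key] = { $eq: value };        // neutralise user-supplied operators
      } else {
        out[key] = value;                 // plain values pass through
      }
    }
    return out;
  };
  return sanitize;
}

// Sanitizer that forgets $nor (the gap) vs. one that covers all three operators.
const sanitizeLeaky = makeSanitizer(new Set(['$and', '$or']));
const sanitizeFixed = makeSanitizer(new Set(['$and', '$or', '$nor']));

// Audit helper: does any leaf of the filter still carry a live query operator?
// A value wrapped in $eq is inert, so we do not look inside it.
const LOGICAL = ['$and', '$or', '$nor'];
function containsLiveOperator(filter) {
  if (filter === null || typeof filter !== 'object') return false;
  if (Array.isArray(filter)) return filter.some(containsLiveOperator);
  return Object.entries(filter).some(([k, v]) => {
    if (k === '$eq') return false;
    if (k.startsWith('$') && !LOGICAL.includes(k)) return true;
    return containsLiveOperator(v);
  });
}

// Constructed attacker-controlled filter, e.g. a JSON body the application
// passes straight into Model.find() with sanitizeFilter enabled. The $ne must
// not survive sanitisation, or the query matches every user but 'admin'.
const ATTACKER_FILTER = { $nor: [{ username: { $ne: 'admin' } }] };

// Ordinary case both sanitizers handle: an operator at the top level.
const PLAIN_INJECTION = { username: { $ne: null } };

function summarize() {
  return {
    leakySurvives: containsLiveOperator(sanitizeLeaky(ATTACKER_FILTER)),  // true
    fixedSurvives: containsLiveOperator(sanitizeFixed(ATTACKER_FILTER)),  // false
    wrapped: sanitizeFixed(PLAIN_INJECTION),  // { username: { $eq: { $ne: null } } }
  };
}

console.log(JSON.stringify(summarize(), null, 2));
```

The practical check this suggests for any hand-rolled sanitizer is the containsLiveOperator walk: run it over the sanitized filter in a test and fail if any operator other than $eq and the logical connectives is still reachable.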
@albertoielpo/kk-cli (>=1.1.0 <=1.1.2), @cyberskill/shared (>=2.20.0 <=2.27.0) +12 more potentially affected by CVE-2026-42334 via mongoose (>=9.0.0 <=9.1.5)
mongoose NPM version =9.0.0, =1.1.0, =2.20.0, =11.0.36, =11.7.0, =0.261.0, =0.98.0, =1.1.1, =9.0.0, =2.0.0, =1.0.2, =18.16.6, =18.17.2 Source cves: CVE-2026-42334 Source advisory: OSV:GHSA-WPG9-53FQ-2R8H...
Exploit for Code Injection in Mongoosejs Mongoose
CVE-2025-23061 - Mongoose Command Injection A proof of concep...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 through 7.17 (here the Cesanta embedded networking library written in C, a different project from the Node.js ODM in the other results). By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
@3kles/3kles-coremongodb (>=1.2.3 <=1.3.1), @3kles/storagebox-common (=1.0.3) +208 more potentially affected by CVE-2024-53900 via mongoose (>=6.0.1 <=6.13.4)
mongoose NPM version =6.0.1, =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.5, =1.12.3, =0.5.0, =0.6.1 - @bonio-tw/casbin-mongoose-adapter =1.0.13-rc2 - @brontosaurus/db =3.24.0 - @brontosaurus/init =1.0.0 and more Source cves: CVE-2024-53900 Source advisory: OSV:GHSA-M7XQ-9374-9RVX...
@dashersw/mongoose-id-autoinc (>=0.0.5 <=0.3.0), @fundcount/fc-keystone (=0.3.21-7) +275 more potentially affected by unknown CVE via mongoose (>=3.5.5 <=3.8.37)
mongoose NPM version =3.5.5, =0.0.5, =1.2.3, =0.0.3, =0.1.16, =0.0.1, =0.0.2, =0.2.0, =0.0.1, =0.0.1, =0.0.71, =0.0.1, =0.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-R5XW-Q988-826M...
Remote Memory Exposure
Overview: Versions of mongoose before 4.3.6 and 3.8.39 are vulnerable to remote memory exposure. Saving a number to a field of type Buffer on an affected version allocates a chunk of uninitialized memory (the number is taken as a buffer length rather than as data) and stores its contents in the database.
Recommendation: Update to version 4.3.6, 3.8.39 ...
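As an added illustration (not Mongoose's code), here is the cast mistake behind this class of advisory and the check that closes it. A number handed to the Buffer constructor is interpreted as a length, and the constructor in use at the time returned uninitialised memory, so a request body that put a number where a Buffer field was expected got whatever was in the process heap written to the database. Buffer.allocUnsafe() reproduces that behaviour on current Node.js so the effect can be seen without an old runtime. The castBufferLeaky, castBufferSafe and saveDoc functions and the toy schema are this example's own, not Mongoose's API.

```javascript
// Added example, not Mongoose's code. Two ways to cast an untrusted value to a
// Buffer field before persisting it, and a toy "save" that shows what each
// one would write to the database.

// Vulnerable-style cast: a number is forwarded as a LENGTH, and the buffer
// comes back uninitialised. Buffer.allocUnsafe() stands in for the old
// Buffer(number) constructor; its contents are whatever the heap held.
function castBufferLeaky(value) {
  if (Buffer.isBuffer(value)) return value;
  if (typeof value === 'number') return Buffer.allocUnsafe(value);
  return Buffer.from(value);
}

// Hardened cast: only accept things that carry their own bytes. A number is
// rejected outright; if a length-based allocation were ever legitimately
// needed, Buffer.alloc(n) (zero-filled) is the only acceptable form.
function castBufferSafe(value) {
  if (Buffer.isBuffer(value)) return value;
  if (typeof value === 'string') return Buffer.from(value);
  if (Array.isArray(value) && value.every((b) => Number.isInteger(b) && b >= 0 && b <= 255)) {
    return Buffer.from(value);
  }
  throw new TypeError(`Cannot cast ${typeof value} to Buffer`);
}

// Constructed toy schema: one Buffer field and one string field.
const SCHEMA = { avatar: 'Buffer', note: 'String' };

// Cast every schema field present in doc with the given Buffer cast and
// report what would be stored, or the first cast error.
function saveDoc(castBuffer, doc) {
  const stored = {};
  for (const [field, type] of Object.entries(SCHEMA)) {
    if (!(field in doc)) continue;
    try {
      stored[field] = type === 'Buffer' ? castBuffer(doc[field]) : String(doc[field]);
    } catch (err) {
      return { ok: false, error: `${field}: ${err.message}`, stored: null };
    }
  }
  return { ok: true, error: null, stored };
}

// Constructed request body: a number where the Buffer field was expected.
const ATTACKER_DOC = { avatar: 64, note: 'hi' };

function demo() {
  const leaky = saveDoc(castBufferLeaky, ATTACKER_DOC);
  const safe = saveDoc(castBufferSafe, ATTACKER_DOC);
  return {
    leakyBytesWritten: leaky.ok ? leaky.stored.avatar.length : 0,  // 64 bytes of heap
    safeError: safe.error,                                         // cast rejected
  };
}

console.log(demo());
```

The check worth carrying into your own code is the type test on the way into Buffer.from: anything that reaches a Buffer constructor as a bare number is a length, never data, and should be refused at the validation boundary.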