139 matches found
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through improper handling of reserved keys in the JSON protocol when serializing CedarMap. An attacker can cause unauthorized access or manipulation of data by supplying...
CedarJava has type confusion vulnerability
Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary. Impact Record-to-Entity type confusion across the...
PT-2026-50975
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...
PT-2026-48932
Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...
CVE-2026-8200
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
RockyLinux 10 : galera and mariadb11.8 (RLSA-2026:19021)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19021 advisory. MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 Tenable has extracted the preceding...
ROS-20260529-73-0026
The vulnerability of the JSONSCHEMAVALID function in the MariaDB database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause service interruptions and execute arbitrary code by sending a specially crafted JSON file...
ROS-20260529-73-0025
The vulnerability of the JSONSCHEMAVALID function in the MariaDB database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause service interruptions and execute arbitrary code by sending a specially crafted JSON file...
RLSA-2026:19182 Moderate: mariadb:11.8 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 For more details about the security issues, including the impact...
PT-2026-44064
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The fetchToken function in the OAuth2 SDK performs a POST request to a URL provided by the builder using node-fetch. This process bypasses the isBlacklisted check used by all other outbound fetch...
BIT-MONGODB-2026-8200 Schema validation log messages may not redact user data
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
RHEL 9 : mariadb:11.8 (RHSA-2026:19182)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19182 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: MariaDB: MariaDB: Remote Code...
PT-2026-41737
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.7 Description OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...
Linux Distros Unpatched Vulnerability : CVE-2026-8200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not...
EUVD-2026-29891
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
CVE-2026-8200
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
CVE-2026-8200
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
UBUNTU-CVE-2026-8200
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
CVE-2026-8200 Schema validation log messages may not redact user data
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
CVE-2026-8200
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...