Lucene search
+L

40 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 7:12 a.m.7 views

CVE-2026-41696

A flaw was found in Spring Data MongoDB. Repository query methods that use regular expression regex parameter binding perform insufficient validation of the bound parameter. A remote attacker can exploit this by supplying a crafted string, which could lead to breaking out of the intended regular...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/18 7:54 a.m.64 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/10 1:13 a.m.7 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via parameter binding when a repository query method is annotated with @Query and uses a capture-all placeholder. An...

9.2CVSS5.8AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35892

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35900

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1CVSS5.5AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.13 views

CVE-2026-41717

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1CVSS0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

VMware Spring Data MongoDB 安全漏洞

VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There is a security vulnerability in VMware Spring Data MongoDB, which stems from insufficient validation of bound parameters in repository query methods using the @Query annotation and regular...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.44 views

CVE-2026-41717 Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1CVSS0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.9 views

CVE-2026-41717 Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1CVSS5.5AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:48 p.m.45 views

CVE-2026-41717

Spring Data MongoDB contains a SpEL expression injection vulnerability in parameter binding for user-defined repository queries annotated with @Query using a capture-all placeholder. Affected versions include 5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0...

8.1CVSS5.5AI score0.00328EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/09 11:48 p.m.2 views

CVE-2026-41717 Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1CVSS6AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.41 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.11 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.101 views

CVE-2026-41696

Spring Data MongoDB CVE-2026-41696 affects multiple versions (5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0–4.0.15; 3.4.0–3.4.19). The issue is insufficient validation of bound parameters in repository query methods annotated with @Query that use regex b...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS6AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48319

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

8.1CVSS6.3AI score0.00328EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.12 views

cve-2026-41717 - HIGH - Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

cve-2026-41717 - HIGH - Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding...

8.1CVSS6.1AI score0.00328EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.12 views

cve-2026-41696 - MEDIUM - Spring Data MongoDB Bind Parameter Literal Quoting Breakout

cve-2026-41696 - MEDIUM - Spring Data MongoDB Bind Parameter Literal Quoting Breakout...

5.9CVSS6.1AI score0.00262EPSS
Exploits0
Snyk
Snyk
added 2026/06/09 12:0 a.m.12 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/18 10:21 a.m.180 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

SpringData - SpEL RCE Exploit - CVE-2022-22980 Exploit pour l...

9.8CVSS5.6AI score0.16771EPSS
Exploits3
Rows per page
Query Builder