Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-24760
Parse Server is an open source http web server backend. In versions before 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Pr...
Parseplatform Parse-server
5.5
CVSSv2
CVE-2021-32036
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field ...
Mongodb Mongodb
2.1
CVSSv2
CVE-2021-32039
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious malicious users to perform unauthorized actions. This vulnerability affects all MongoDB Extens...
Mongodb Mongodb
4
CVSSv2
CVE-2021-20330
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions before 4.0.27; MongoDB Server v4.2 ve...
Mongodb Mongodb
4
CVSSv2
CVE-2021-32037
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to l...
Mongodb Mongodb
5
CVSSv2
CVE-2021-39187
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver whi...
Parseplatform Parse-server
2.1
CVSSv2
CVE-2021-20332
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpected...
Mongodb Rust Driver
Mongodb Rust Driver 2.0.0
5
CVSSv2
CVE-2021-20333
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions before 3.6.20; MongoDB Server v4.0 versions before 4.0.21 and MongoDB Server v4.2 versions b...
Mongodb Mongodb
4.3
CVSSv2
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document...
Mongo-express Project Mongo-express
Mongo-express Project Mongo-express 1.0.0
4
CVSSv2
CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO D...
Mongodb Go Driver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »