Vulmon
mongodb vulnerabilities and exploits
6.5
CVSSv2
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
2.1
CVSSv2
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal On Demand Service Broker
Pivotal Metric Registrar Release
Pivotal Credhub Service Broker For Pcf
Pivotal Cloud Foundry Autoscaling Release
Pivotal Cloud Foundry Event Alerts
Pivotal Application Service
Pivotal Cloud Foundry Healthwatch
Pivotal Single Sign-on
Apigee Edge Service Broker
Newrelic Dotnet Extension Buildpack
Microsoft Azure Service Broker
Appdynamics Application Analytics
7.5
CVSSv2
CVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 are affected by a NoSQL Injection in the MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
Ibm Api Connect
NA
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml
NA
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because the actionLinkHandler method was found to allow Message ID enumeration via regex MongoDB queries.
Rocket.chat Rocket.chat
NA
CVE-2022-41331
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated malicious user to access the Redis and MongoDB instances via crafted authentication requests.
Fortinet Fortiproxy
4.3
CVSSv2
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and previous versions do not escape the content coming from MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Praqma Compatibility Action Storage
4.6
CVSSv2
CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.
Ibm Spectrum Protect Plus 10.1.1
Ibm Spectrum Protect Plus 10.1.3
Ibm Spectrum Protect Plus 10.1.2
6.8
CVSSv2
CVE-2018-9327
Etherpad 1.5.x and 1.6.x prior to 1.6.4 allows a malicious user to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
Etherpad Etherpad
6.5
CVSSv2
CVE-2020-35666
Steedos Platform up to and including 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
Steedos Steedos