Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
9.8
CVSSv3
CVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
Ibm Api Connect
7.1
CVSSv3
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
4.3
CVSSv3
CVE-2022-32218
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.
Rocket.chat Rocket.chat
9.8
CVSSv3
CVE-2022-41331
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated malicious user to access the Redis and MongoDB instances via crafted authentication requests.
Fortinet Fortiproxy
6.1
CVSSv3
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and previous versions does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Praqma Compatibility Action Storage
6.7
CVSSv3
CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.
Ibm Spectrum Protect Plus 10.1.1
Ibm Spectrum Protect Plus 10.1.3
Ibm Spectrum Protect Plus 10.1.2
8.1
CVSSv3
CVE-2018-9327
Etherpad 1.5.x and 1.6.x prior to 1.6.4 allows an malicious user to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
Etherpad Etherpad
7.8
CVSSv3
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Cloud Foundry Healthwatch
Pivotal Credhub Service Broker For Pcf
Pivotal Metric Registrar Release
Pivotal On Demand Service Broker
Pivotal Application Service
Pivotal Cloud Foundry Autoscaling Release
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal Single Sign-on
Pivotal Cloud Foundry Event Alerts
Appdynamics Platform Montioring
Bluemedora Nozzle
Contrastsecurity Service Broker
Cyberark Conjur Service Broker
8.8
CVSSv3
CVE-2020-35666
Steedos Platform up to and including 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
Steedos Steedos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »