Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7610
All versions of bson prior to 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
Mongodb Bson
6.8
CVSSv2
CVE-2020-2268
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and previous versions allows malicious users to gain access to some metadata of any arbitrary files on the Jenkins controller.
Jenkins Mongodb
4.6
CVSSv2
CVE-2021-20334
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later...
Mongodb Compass
4
CVSSv2
CVE-2020-2267
A missing permission check in Jenkins MongoDB Plugin 1.3 and previous versions allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
Jenkins Mongodb
4
CVSSv2
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and i...
Mongodb Ops Manager
5.8
CVSSv2
CVE-2018-16790
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
Mongodb Libbson 1.12.0
4.3
CVSSv2
CVE-2021-20327
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between th...
Mongodb Libmongocrypt 1.2.0
4
CVSSv2
CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO D...
Mongodb Go Driver
4.1
CVSSv2
CVE-2021-20335
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being...
Mongodb Ops Manager
5
CVSSv2
CVE-2018-13863
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x prior to 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long u...
Mongodb Js-bson
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »