Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2013-1895
The py-bcrypt module prior to 0.3 for Python does not properly handle concurrent memory access, which allows malicious users to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
Python Py-bcrypt
Fedoraproject Fedora 17
Fedoraproject Fedora 18
1 Github repository
NA
CVE-2024-1351
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been clo...
NA
CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling malicious users to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to ...
9.1
CVSSv3
CVE-2020-4669
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database....
Ibm Planning Analytics Cloud 2.0.0
Ibm Planning Analytics Local 2.0.0
9.9
CVSSv3
CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI...
Fit2cloud Jumpserver
1 Github repository
7.3
CVSSv3
CVE-2013-0165
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
Redhat Openshift -
9.8
CVSSv3
CVE-2018-3783
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
Flintcms Flintcms
1 Github repository
7.2
CVSSv3
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
9.8
CVSSv3
CVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
Ibm Api Connect
7.1
CVSSv3
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »