Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4147 | 1 Mongodb | 1 Mongodb Server | 2026-03-18 | 6.5 Medium |
| An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command. | ||||
| CVE-2026-4148 | 1 Mongodb | 1 Mongodb Server | 2026-03-18 | 8.8 High |
| A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline. | ||||
| CVE-2026-4358 | 1 Mongodb | 1 Mongodb Server | 2026-03-18 | 6.4 Medium |
| A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk. | ||||
| CVE-2019-20923 | 1 Mongodb | 2 Mongodb, Mongodb Server | 2024-11-21 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7. | ||||
Page 1 of 1.