Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22374
Total
1599
Critical
6838
High
7169
Medium
CVE ID Severity Score Description Published
CVE-2026-41695 HIGH 7.5 Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path … Jun 10, 2026
CVE-2026-41694 LOW 3.7 Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able … Jun 10, 2026
CVE-2026-41008 MEDIUM 6.1 Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri … Jun 10, 2026
CVE-2026-41003 HIGH 7.6 An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: … Jun 10, 2026
CVE-2026-40993 HIGH 7.3 An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing … Jun 10, 2026
CVE-2026-40991 MEDIUM 5.9 When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting … Jun 10, 2026
CVE-2026-40988 HIGH 7.5 An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of … Jun 10, 2026
CVE-2026-9754 MEDIUM 6.5 An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command Jun 09, 2026
CVE-2026-9753 HIGH 8.1 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the … Jun 09, 2026
CVE-2026-9752 MEDIUM 6.5 An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing … Jun 09, 2026
CVE-2026-9751 MEDIUM 5.5 The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. Jun 09, 2026
CVE-2026-9750 MEDIUM 6.5 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query … Jun 09, 2026
CVE-2026-9749 MEDIUM 6.5 This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single … Jun 09, 2026
CVE-2026-9748 MEDIUM 6.5 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general … Jun 09, 2026
CVE-2026-9747 MEDIUM 6.5 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. Jun 09, 2026
CVE-2026-9746 MEDIUM 6.5 When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges … Jun 09, 2026
CVE-2026-9743 MEDIUM 6.5 In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on … Jun 09, 2026
CVE-2026-9742 HIGH 7.5 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. … Jun 09, 2026
CVE-2026-9741 MEDIUM 6.5 A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values … Jun 09, 2026
CVE-2026-9740 HIGH 7.5 A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON … Jun 09, 2026
CVE-2026-9735 MEDIUM 5.5 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication … Jun 09, 2026
CVE-2026-46433 MEDIUM 6.5 lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling … Jun 09, 2026
CVE-2026-46374 HIGH 7.5 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users … Jun 09, 2026
CVE-2026-46373 HIGH 7.5 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users … Jun 09, 2026
CVE-2026-44963 UNKNOWN A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. Jun 09, 2026