|
381
|
6.5 |
MEDIUM
Network
|
-
|
-
|
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces e…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-9749
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from in…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-9750
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
5.5 |
MEDIUM
Local
|
-
|
-
|
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9751
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.
Strict-wi…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-9752
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
8.1 |
HIGH
Network
|
-
|
-
|
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApply…
New
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-9753
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9754
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45479
|
2026-06-11 04:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-32856
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HT…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-25557
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34416
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
