Tag

Nosql-Injection

4 briefs RSS

Mongoose NoSQL Injection Vulnerability via $nor Operator

Mongoose versions before 6.13.9, versions 7.0.0 through 7.8.8, versions 8.0.0 through 8.22.0, and versions 9.0.0 through 9.1.5 are vulnerable to NoSQL injection due to improper sanitization of the $nor operator, potentially allowing attackers to bypass query sanitization and exfiltrate data.

mongoose < 6.13.9 +3 nosql-injection mongoose sanitizeFilter

2r 1t May 5, 2026

critical advisory

FastGPT NoSQL Injection Vulnerability (CVE-2026-40351)

2 rules 1 TTP 1 CVE

FastGPT versions before 4.14.9.5 are vulnerable to NoSQL injection, allowing unauthenticated attackers to bypass authentication and gain administrative access.

NoSQL injection authentication bypass CVE-2026-40351 FastGPT

2r 1t 1c Apr 18, 2026

high advisory

FastGPT NoSQL Injection Vulnerability in Password Change Endpoint

2 rules 2 TTPs 1 CVE

FastGPT versions prior to 4.14.9.5 are vulnerable to NoSQL injection in the password change endpoint, allowing authenticated attackers to bypass password verification and perform account takeover.

nosql-injection account-takeover cve fastgpt privilege-escalation

2r 2t 1c Apr 17, 2026

critical advisory

UniFi Network Application Vulnerabilities CVE-2026-22557 and CVE-2026-22558

2 rules 2 TTPs

A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.

unifi path-traversal nosql-injection cve-2026-22557 cve-2026-22558

2r 2t Mar 21, 2026