Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-27 | CVE-2025-1755 | Untrusted Search Path vulnerability in multiple products: MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. | local; low complexity; mongodb redhat CWE-426; 7.8 |
| 2025-02-27 | CVE-2025-1756 | Untrusted Search Path vulnerability in multiple products: mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. | local; low complexity; mongodb redhat CWE-426; 7.8 |
| 2025-02-27 | CVE-2024-13148 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform: before 16.01.2025. | network; low complexity; CWE-89; critical; 9.8 |
| 2025-02-27 | CVE-2024-54169 | IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. | network; low complexity; CWE-22; 6.5 |
| 2025-02-27 | CVE-2024-54170 | IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles. | local; low complexity; 5.5 |
| 2025-02-27 | CVE-2024-56493 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. | local; low complexity; CWE-209; 3.3 |
| 2025-02-27 | CVE-2024-56494 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. | local; low complexity; CWE-209; 3.3 |
| 2025-02-27 | CVE-2024-56495 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. | local; low complexity; CWE-209; 3.3 |
| 2025-02-27 | CVE-2024-56496 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. | local; low complexity; CWE-209; 3.3 |
| 2025-02-27 | CVE-2024-56810 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. | local; low complexity; CWE-209; 3.3 |