|
371
|
8.1 |
HIGH
Network
|
microsoft
|
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42974
|
2026-06-11 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
New
|
CWE-362
Race Condition
|
CVE-2026-42977
|
2026-06-11 04:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
5.5 |
MEDIUM
Local
|
-
|
-
|
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parame…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9735
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain n…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-9740
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields w…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-9741
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
7.5 |
HIGH
Network
|
-
|
-
|
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is…
New
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-9742
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may derefe…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-9743
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
6.5 |
MEDIUM
Network
|
-
|
-
|
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user m…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-9746
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
New
|
CWE-617
Reachable Assertion
|
CVE-2026-9747
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechani…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-9748
|
2026-06-11 04:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
