Skip to main content

Couchbase Server

49 CVEs product

Monthly

CVE-2025-46619 HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server Windows
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-56178 MEDIUM This Month

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25673 MEDIUM This Month

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37034 MEDIUM This Month

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-23302 HIGH This Week

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-50782 PyPI HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform Enterprise Linux Update Infrastructure +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36667 HIGH This Week

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45875 PyPI HIGH This Week

An issue was discovered in Couchbase Server 7.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3079 HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
32.7%
CVE-2023-2033 HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2023-28470 MEDIUM This Month

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25016 HIGH This Week

Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-32556 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34826 MEDIUM This Month

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33911 MEDIUM This Month

An issue was discovered in Couchbase Server 7.x before 7.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-33173 HIGH This Week

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32561 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-32559 CRITICAL Act Now

An issue was discovered in Couchbase Server before 7.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-32557 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32565 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32562 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-32192 HIGH This Week

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32564 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32560 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32558 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32193 MEDIUM This Month

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-42763 HIGH This Week

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37842 HIGH This Week

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-35945 HIGH This Week

Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-35944 HIGH This Week

Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-35943 CRITICAL Act Now

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-25643 MEDIUM This Month

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-27924 MEDIUM This Month

An issue was discovered in Couchbase Server 6.x through 6.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-31158 MEDIUM This Month

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-27925 MEDIUM This Month

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Couchbase Server
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-25644 HIGH This Week

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-25645 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-24719 CRITICAL POC THREAT Emergency

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
23.3%
CVE-2020-9042 HIGH This Week

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-9041 HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9039 CRITICAL POC Act Now

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-11497 HIGH This Week

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-11496 CRITICAL Act Now

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2019-11495 CRITICAL Act Now

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-11467 HIGH This Week

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-11466 MEDIUM This Month

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-11465 MEDIUM This Month

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-11464 MEDIUM This Month

Some enterprises require that REST API endpoints include security-related headers in REST responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-15728 HIGH POC This Week

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Couchbase Server
NVD
CVSS 3.0
8.8
EPSS
2.9%
EPSS 0% CVSS 7.6
HIGH This Week

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Couchbase Server +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Couchbase Server
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server 7.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 33% CVSS 8.8
HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google +6
NVD
EPSS 41% CVSS 8.8
HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Couchbase Server 7.x before 7.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An issue was discovered in Couchbase Server before 7.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An issue was discovered in Couchbase Server 6.x through 6.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 23% CVSS 9.8
CRITICAL POC THREAT Emergency

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Couchbase Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Some enterprises require that REST API endpoints include security-related headers in REST responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Couchbase Server
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Couchbase Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy