Skip to main content

Cve Search

2 CVEs product

Monthly

CVE-2026-59509 CRITICAL POC PATCH Act Now

Arbitrary MongoDB collection disclosure in cve-search allows a remote, unauthenticated attacker to read any application database collection through the POST /fetch_cve_data endpoint by manipulating the collection name, projected fields, and regex filter parameters. Attackers can dump the mgmt_users collection to harvest administrative usernames and password hashes for offline cracking. Publicly available exploit code exists (referenced in the project issue tracker) and a vendor patch is available, though no active exploitation has been reported.

Information Disclosure Cve Search
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2021-45470 HIGH POC PATCH This Week

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cve Search
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Arbitrary MongoDB collection disclosure in cve-search allows a remote, unauthenticated attacker to read any application database collection through the POST /fetch_cve_data endpoint by manipulating the collection name, projected fields, and regex filter parameters. Attackers can dump the mgmt_users collection to harvest administrative usernames and password hashes for offline cracking. Publicly available exploit code exists (referenced in the project issue tracker) and a vendor patch is available, though no active exploitation has been reported.

Information Disclosure Cve Search
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cve Search
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy