This page collects WhisperX intelligence signals tagged #mongodb. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical gap exists between a security project's advertised capabilities and its actual code. The project's official documentation explicitly lists NoSQL injection (NoSQLi) detection as a core feature for testing injection attacks. However, a review of the source code reveals this is a documented but unimplemented fe...
A critical security update for the widely-used Mongoose ODM library patches multiple high-severity vulnerabilities, including a confirmed prototype pollution flaw. The update, moving from version 7.1.1 to 7.8.4, addresses CVE-2023-3696 and CVE-2024-53900, which could allow attackers to manipulate object prototypes and ...
Spring Data MongoDB 的一个关键候选版本被曝存在多个高危安全漏洞。在 `spring-data-mongodb-4.1.0-RC1.jar` 库中,扫描发现了四项漏洞,其中最高严重性评分为 7.5 分(CVSS 3.x)。该漏洞库的路径指向 `/spring-boot-project/spring-boot-testcontainers/build.gradle` 文件,表明其在 Spring Boot 测试容器项目中被直接依赖。这一发现将 Spring 生态系统中一个核心数据访问组件推向了安全风险的中心。 具体而言,最严重的漏洞被标识为 CVE-2025-41249,评级为“高危”,直接影响 `spring-c...
A recent code patch on GitHub exposes a previously unaddressed NoSQL injection vulnerability within a project's GraphQL API. The fix centers on critical type-safety flaws in resolver functions, where user-supplied IDs and enum values were not being properly sanitized before being passed to MongoDB queries. This oversig...