CVE Tools

couchbase

DatabasesUScommercial

51

Cumulative CVEs

9

Monthly snapshots

#51

Peak rank

Top products

couchbase server11

Latest CVEs

The 15 most recently published vulnerabilities affecting couchbase.

CVE-2025-52490An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.7.3Jul 29, 2025
CVE-2025-49015The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a ...4.9Jun 18, 2025
CVE-2025-46619A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of...7.6Apr 30, 2025
CVE-2024-56178An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.6.5Jan 27, 2025
CVE-2024-25673Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.6.1Sep 19, 2024
CVE-2024-37034An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link ...5.9Jul 26, 2024
CVE-2023-43768An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.7.5Mar 27, 2024
CVE-2024-23302Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.7.5Feb 28, 2024
CVE-2023-49338Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.7.5Feb 28, 2024
CVE-2023-49932An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.5.4Feb 28, 2024
CVE-2023-49931An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.9.8Feb 28, 2024
CVE-2023-49930An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.9.8Feb 28, 2024
CVE-2023-50437An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.8.6Feb 28, 2024
CVE-2023-50436An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.5.3Feb 28, 2024
CVE-2023-45874An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).4.3Feb 28, 2024