Search CVE reports


Toggle filters

1 – 10 of 1736 results


CVE-2025-7259

Medium priority
Needs evaluation

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6714

Medium priority
Needs evaluation

MongoDB Server’s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6713

Medium priority
Needs evaluation

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6712

Medium priority
Needs evaluation

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6711

Medium priority
Needs evaluation

An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6710

Medium priority
Needs evaluation

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6709

Medium priority
Needs evaluation

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6707

Medium priority
Needs evaluation

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-6706

Medium priority
Needs evaluation

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-54119

Medium priority
Needs evaluation

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL...

1 affected package

libphp-adodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libphp-adodb Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages