| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-11979 | Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior | MongoDB Inc. | Server | Medium | 5.3 | 2025-10-20 17:47:58 |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories | MongoDB Inc | MongoDB Server | High | 7.8 | 2025-09-15 16:04:54 |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:48:25 |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:39:14 |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:26:53 |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-07-07 15:59:02 |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | MongoDB Inc | MongoDB Server | High | 7.5 | 2025-07-07 14:48:48 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | MongoDB Inc | MongoDB Server | High | 7.7 | 2025-07-07 14:46:36 |
| CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-07-07 14:44:38 |
| CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs | MongoDB Inc | MongoDB Server | Medium | 4.4 | 2025-07-07 14:42:17 |
| CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB | MongoDB Inc | MongoDB Server | High | 7.5 | 2025-06-26 14:09:30 |
| CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication | MongoDB Inc | MongoDB Server | High | 7.5 | 2025-06-26 14:07:05 |
| CVE-2025-6707 | Race condition in privilege cache invalidation cycle | MongoDB Inc | MongoDB Server | Medium | 4.2 | 2025-06-26 14:04:46 |
| CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server | MongoDB Inc | MongoDB Server | Medium | 5.0 | 2025-06-26 14:00:23 |
| CVE-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked | MongoDB Inc | MongoDB Server | High | 8.1 | 2025-04-01 12:05:05 |
| CVE-2025-3084 | MongoDB Server may crash due to improper validation of explain command | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-04-01 11:14:20 |
| CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash | MongoDB Inc | MongoDB Server | High | 7.5 | 2025-04-01 11:12:31 |
| CVE-2025-3082 | User may override a view's collation and gain unauthorized access to underlying data | MongoDB Inc | MongoDB Server | Low | 3.1 | 2025-04-01 11:08:07 |
| CVE-2025-0755 | MongoDB C Driver bson library may be susceptible to buffer overflow | MongoDB Inc | libbson | High | 8.4 | 2025-03-18 09:01:05 |
| CVE-2024-10921 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server | MongoDB Inc | MongoDB Server | Medium | 6.8 | 2024-11-14 16:04:04 |