| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | MongoDB Inc. | MongoDB Server | Medium | 4.2 | 2025-12-09 15:00:39 | Deep Dive |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2025-11-25 05:23:12 | Deep Dive |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | MongoDB Inc. | MongoDB Server | Low | 3.1 | 2025-11-25 05:16:24 | Deep Dive |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Inc. | MongoDB Server | Medium | 4.2 | 2025-11-25 05:07:18 | Deep Dive |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2025-11-25 04:52:48 | Deep Dive |
| CVE-2025-10703 | Progress多款产品 代码注入漏洞 | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:47:08 | Deep Dive |
| CVE-2025-10702 | Progress多款产品 代码注入漏洞 | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:46:27 | Deep Dive |
| CVE-2025-12119 | Bulk write with options may read invalid memory | MongoDB | C Driver | Medium | 6.8 | 2025-11-18 20:21:08 | Deep Dive |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Inc. | MongoDB Server | Medium | 5.0 | 2025-11-03 21:03:25 | Deep Dive |
| CVE-2025-12100 | MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories | MongoDB | BI Connector ODBC driver | High | 7.8 | 2025-10-23 21:02:19 | Deep Dive |
| CVE-2025-11575 | MongoDB Atlas SQL ODBC driver installation via MSI may leave ACLs unset on custom installation directories | MongoDB | Atlas SQL ODBC driver | High | 7.8 | 2025-10-23 00:22:01 | Deep Dive |
| CVE-2025-11979 | Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior | MongoDB Inc. | Server | Medium | 5.3 | 2025-10-20 17:47:58 | Deep Dive |
| CVE-2025-11695 | Configuration may unexpectedly disable certificate validation | MongoDB | Rust Driver | High | 8.0 | 2025-10-13 16:22:57 | Deep Dive |
| CVE-2025-11535 | MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories | MongoDB Inc | MongoDB Connector for BI | - | - | 2025-10-08 22:07:18 | Deep Dive |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories | MongoDB Inc | MongoDB Server | High | 7.8 | 2025-09-15 16:04:54 | Deep Dive |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:48:25 | Deep Dive |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:39:14 | Deep Dive |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-09-05 20:26:53 | Deep Dive |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2025-07-07 15:59:02 | Deep Dive |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | MongoDB Inc | MongoDB Server | High | 7.5 | 2025-07-07 14:48:48 | Deep Dive |