MongoDB Server — Vulnerabilities & Security Advisories 74

All 74 CVE vulnerabilities found in MongoDB Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: MongoDB Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication | CWE-20 | 7.5 | High | 2025-06-26 |
| CVE-2025-6707 | Race condition in privilege cache invalidation cycle | CWE-863 | 4.2 | Medium | 2025-06-26 |
| CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server | CWE-416 | 5.0 | Medium | 2025-06-26 |
| CVE-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked | CWE-299 | 8.1 | High | 2025-04-01 |
| CVE-2025-3084 | MongoDB Server may crash due to improper validation of explain command | CWE-703 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash | CWE-248 | 7.5 | High | 2025-04-01 |
| CVE-2025-3082 | User may override a view's collation and gain unauthorized access to underlying data | CWE-284 | 3.1 | Low | 2025-04-01 |
| CVE-2024-10921 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server | CWE-158 | 6.8 | Medium | 2024-11-14 |
| CVE-2024-8305 | MongoDB Server secondaries may crash due to forced index constraints | CWE-1288 | 6.5 | Medium | 2024-10-21 |
| CVE-2024-8654 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour | CWE-908 | 5.0 | Medium | 2024-09-10 |
| CVE-2024-8207 | MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths | CWE-114 | 6.4 | Medium | 2024-08-27 |
| CVE-2024-6384 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server | CWE-285 | 5.3 | Medium | 2024-08-13 |
| CVE-2024-7553 | Accessing Untrusted Directory May Allow Local Privilege Escalation | CWE-284 | 7.3 | High | 2024-08-07 |
| CVE-2024-6375 | Missing authorization check may lead to shard key refinement | CWE-285 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-3374 | MongoDB Server (mongod) may crash when generating ftdc | CWE-617 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-3372 | MongoDB Server may have unexpected application behaviour due to invalid BSON | CWE-20 | 7.5 | High | 2024-05-14 |
| CVE-2024-1351 | MongoDB Server may allow successful untrusted connection | CWE-295 | 8.8 | High | 2024-03-07 |
| CVE-2023-1409 | Certificate validation issue in MongoDB Server running on Windows or macOS | CWE-295 | 5.3 | Medium | 2023-08-23 |
| CVE-2022-24272 | MongoDB Server (mongod) may crash in response to unexpected requests | CWE-617 | 6.5 | Medium | 2022-04-21 |
| CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | CWE-121 | 6.5 | Medium | 2022-04-12 |
| CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | CWE-770 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | CWE-20 | 6.5 | Medium | 2021-12-15 |
| CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | CWE-617 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-20333 | Server log entry spoofing via newline injection | CWE-117 | 5.3 | Medium | 2021-07-23 |
| CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | CWE-20 | 6.5 | Medium | 2021-04-30 |
| CVE-2018-25004 | Invariant failure when explaining a find with a UUID | CWE-20 | 4.9 | Medium | 2021-03-01 |
| CVE-2020-7929 | Specially crafted regex query can cause DoS | CWE-185 | 6.5 | Medium | 2021-03-01 |
| CVE-2019-20925 | Denial of service via malformed network packet | CWE-839 | 7.5 | High | 2020-11-24 |
| CVE-2018-20803 | Infinite loop in aggregation expression | CWE-835 | 6.5 | Medium | 2020-11-23 |
| CVE-2020-7928 | Improper neutralization of null byte leads to read overrun | CWE-158 | 6.5 | Medium | 2020-11-23 |

All 74 known CVE vulnerabilities affecting MongoDB Server with full Chinese analysis, references, and POCs where available.