Database

In SQLite version 3.49.0 a critical severity vulnerability CVE-2025-29087 was detected. This vulnerability allows attackers to trigger an integer overflow using the concat function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.

In MongoDB versions prior to 5.0.31, 6.0.20 and 7.0.16 a high severity vulnerability CVE-2025-3083 was detected. This vulnerability allows unauthenticated attackers to crash the `mongos` process by sending specifically crafted MongoDB wire protocol messages. To address this issue, users should upgrade MongoDB to versions 5.0.31, 6.0.20 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3083.

In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a medium severity vulnerability CVE-2025-3084 was detected. This vulnerability allows malformed arguments passed to the `explain` command to bypass validation, potentially causing crashes in router (`mongos`) servers. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.20, or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3084.

In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a high severity vulnerability CVE-2025-3085 was detected. When running on Linux with TLS and CRL checks enabled, MongoDB may skip verifying intermediate certificate revocation, potentially allowing improper or unauthenticated access, especially with MONGODB-X509 or intra-cluster authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3085.

In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.14 and 7.3.4 a low severity vulnerability CVE-2025-3082 was detected. This vulnerability allows an authorized user to alter the intended collation of a view, potentially enabling access to unintended underlying data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3082.

In MongoDB C Driver library versions prior to 1.27.5 and MongoDB Server versions 8.0 prior to 8.0.1 and 7.0 prior to 7.0.16 a high severity vulnerability CVE-2025-0755 was detected. This vulnerability allows attackers to trigger a buffer overflow when handling BSON documents exceeding the maximum allowable size (INT32_MAX), potentially causing a segmentation fault and application crash. To address this issue, users should upgrade to libbson versions 1.27.5, MongoDB Server versions 8.0.1 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0755.

In NocoDB versions 0.257.9 and prior a medium severity vulnerability CVE-2025-27506 was detected. This vulnerability allows attackers to exploit a reflected Cross-Site Scripting (XSS) flaw in the /api/v1/db/auth/password/reset/:tokenId API endpoint due to the use of the insecure function “<%-" in the client-side template engine ejs, which is rendered by the function renderPasswordReset. To address this issue, users should upgrade NocoDB to versions 0.258.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27506.

In MySQL Server versions up to 9.1.0 a medium severity vulnerability CVE-2025-21567 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. To address this issue, users should upgrade to a version 9.2.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-21567.

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.