In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a high severity vulnerability CVE-2025-3085 was detected. When running on Linux with TLS and CRL checks enabled, MongoDB may skip verifying intermediate certificate revocation, potentially allowing improper or unauthenticated access, especially with MONGODB-X509 or intra-cluster authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3085.
Read more DatabaseIn MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.14 and 7.3.4 a low severity vulnerability CVE-2025-3082 was detected. This vulnerability allows an authorized user to alter the intended collation of a view, potentially enabling access to unintended underlying data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3082.
Read more DatabaseIn MongoDB C Driver library versions prior to 1.27.5 and MongoDB Server versions 8.0 prior to 8.0.1 and 7.0 prior to 7.0.16 a high severity vulnerability CVE-2025-0755 was detected. This vulnerability allows attackers to trigger a buffer overflow when handling BSON documents exceeding the maximum allowable size (INT32_MAX), potentially causing a segmentation fault and application crash. To address this issue, users should upgrade to libbson versions 1.27.5, MongoDB Server versions 8.0.1 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0755.
Read more DatabaseIn NocoDB versions 0.257.9 and prior a medium severity vulnerability CVE-2025-27506 was detected. This vulnerability allows attackers to exploit a reflected Cross-Site Scripting (XSS) flaw in the /api/v1/db/auth/password/reset/:tokenId API endpoint due to the use of the insecure function “<%-" in the client-side template engine ejs, which is rendered by the function renderPasswordReset. To address this issue, users should upgrade NocoDB to versions 0.258.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27506.
Read more DatabaseIn MySQL Server versions up to 9.1.0 a medium severity vulnerability CVE-2025-21567 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. To address this issue, users should upgrade to a version 9.2.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-21567.
Read more DatabaseIn phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.
Read more DatabaseIn phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.
Read more DatabaseIn MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.
Read more DatabaseIn MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.
Read more Database