In MongoDB Server version 8.1.0 a high severity vulnerability CVE-2025-7259 was detected. This vulnerability allows authorized users to issue queries with duplicate id fields, leading to unexpected behavior and potentially causing the server to crash. This may result in a denial of service. To address this issue users must upgrade to a patched version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7259.
Read more DatabaseIn MongoDB Server versions prior to 6.0.23, 7.0.20, and 8.0.9 a medium severity vulnerability CVE-2025-6714 was detected. This vulnerability allows attackers to send malformed data that can make the MongoDB server stop responding to new connections. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6714.
Read more DatabaseIn MongoDB Server versions prior to 8.0.7 (8.0 series), 7.0.20 (7.0 series), and 6.0.22 (6.0 series) a medium severity vulnerability CVE-2025-6713 was detected. This vulnerability allows unauthorized users to access data by exploiting improper handling of the $mergeCursors stage in aggregation pipelines. The flaw can lead to exposure of data without proper authorization. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6713.
Read more DatabaseIn Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2
a high severity vulnerability CVE-2025-24860 was detected. This vulnerability allows users to access unauthorized datacenters or IP/CIDR groups and modify their own permissions via DCL statements. To fix this issue, users should upgrade to versions 4.0.16, 4.1.8, or 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24860.
In MongoDB Server versions 6.0 prior to 6.0.21, 7.0 prior to 7.0.17, and 8.0 prior to 8.0.4 a high severity vulnerability CVE-2025-6706 was detected. This vulnerability allows authenticated users to trigger a use-after-free condition that may result in a MongoDB Server crash and other unexpected behavior, even without authorization to shut down the server. To address this issue users must upgrade to versions 6.0.21, 7.0.17, or 8.0.4 respectively. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6706.
Read more DatabaseIn MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6709 was detected. This vulnerability allows attackers to trigger a denial of service by submitting specially crafted JSON input containing specific date values when using OIDC authentication. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6709.
Read more DatabaseIn MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6710 was detected. This vulnerability allows attackers to trigger a stack overflow by sending specially crafted JSON inputs that induce deep recursion during parsing, leading to server crashes. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6710.
Read more DatabaseIn MongoDB Server versions prior to 5.0.31, 6.0.24, 7.0.21 and 8.0.5 a medium severity vulnerability CVE-2025-6707 was detected. This vulnerability allows authenticated users to execute requests with stale privileges under certain conditions, even after an authorized administrator has modified their access rights. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.24, 7.0.21 or 8.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6707.
Read more DatabaseIn GeoServer versions prior to 2.25.0 a critical severity vulnerability CVE-2024-34711 was detected. This vulnerability allows attackers to perform XML External Entity (XXE) attacks, enabling them to send GET requests to arbitrary HTTP servers. The flaw lies in improper URI validation in XML entity resolution, which can be exploited to scan internal networks and gather sensitive information. To address this issue, users should upgrade GeoServer to versions 2.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34711.
Read more Database