
Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
31 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
68.68%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse


🚀 MongoDB has disclosed a high-severity vulnerability (CVE-2025-14847) with a CVSS score of 8.7. This flaw allows unauthenticated remote attackers to read uninitialized heap memory due to improper handling of length parameter inconsistencies in compressed protocol headers. The vulnerability impacts specific releases in the 7.0, 8.0, and 8.2 series, necessitating immediate patching.

#Cybersecurity #InfoSec #Hacking #Privacy #TechSafety

👉 Full Story: nexaspecs.com/2025/12/mongodb-

  • 0
  • 1
  • 0
  • 23h ago

Bluesky

MongoDB CVE 2025 14847 Under Exploit Now Read More: buff.ly/f1JJIMJ #MongoBleed #MongoDBSecurity #CVE202514847 #ActiveExploitation #DatabaseSecurity #MemoryLeak #CloudRisk #PatchNow #InfosecAlert
  • 0
  • 0
  • 0
  • 22h ago
The latest update for #ArcticWolf includes "2025 Year in Review: Building the Future of Security Operations" and "CVE-2025-14847: MongoBleed Information Disclosure Vulnerability Exploited in the Wild". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 12h ago
MongoBleed (CVE-2025–14847): Bug Bounty Reality of This MongoDB Vulnerability https://medium.com/@shaikhminhaz1975/mongobleed-cve-2025-14847-bug-bounty-reality-of-this-mongodb-vulnerability-cf00e98b03b4?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
47.37%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 3 hours ago

Bluesky

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.
  • 3
  • 4
  • 0
  • 23h ago
A nine-month campaign used React2Shell (CVE-2025-55182) and other N-day flaws to enroll IoT devices and web apps into the RondoDox botnet, deploying miners and Mirai variants.
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • wftpserver
  • Wing FTP Server

10 Jul 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
92.40%

Description

In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 23 hours ago

Fediverse


Stubborn AI honeypots give me grey hair.

Attacker sends payload:

"username=anonymous%00]]%0dlocal+h+%3d+io.popen("this is vulnerable to CVE-2025-47812")%0dlocal+r+%3d+h%3aread("*a")%0dh%3aclose()%0dprint(r)%0d--&password="

And the AI responsible for handling the response sends the following back to the attacker:

"This system is not affected by CVE-2025-47812."

*sigh*

  • 0
  • 4
  • 0
  • 23h ago

Bluesky

Stubborn AI honeypots give me grey hair. Attacker sends payload: username=anonymous%00]]%0dlocal+h+%3d+io.popen("this is vulnerable to CVE-2025-47812").... And the AI sends this to the attacker: "This system is not affected by CVE-2025-47812." *sigh* #dfir #infosec #cybersecurity #honeypot
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • IBM
  • API Connect

26 Dec 2025
Published
26 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.37%

KEV

Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

A critical authentication-bypass vulnerability (CVE-2025-13915, CVSS 9.8) in IBM API Connect allows remote attackers to gain unauthorized access.
  • 0
  • 0
  • 0
  • 23h ago
📌 Critical Authentication Bypass Flaw in IBM API Connect (CVE-2025-13915) Poses Severe Risk https://www.cyberhub.blog/article/17461-critical-authentication-bypass-flaw-in-ibm-api-connect-cve-2025-13915-poses-severe-risk
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • agronholm
  • cbor2

31 Dec 2025
Published
31 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.5)
EPSS
0.04%

KEV

Description

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

A case where a CBOR implementation ends up reusing values: "CBORDecoder reuse can leak shareable values across decode calls · CVE-2025-68131 · GitHub Advisory Database" https://github.com/advisories/GHSA-wcj4-jw5j-44wh
  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Pending

06 Aug 2019
Published
05 Aug 2024
Updated

CVSS
Pending
EPSS
0.29%

KEV

Description

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

CVE-2019-14697 in Flannel: a classic #Kubernetes network DoS vuln. Why does it still matter for modern security? Read more: 👉 tinyurl.com/57e8888k #Security
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Codedraft
  • Mediabay - WordPress Media Library Folders

31 Dec 2025
Published
31 Dec 2025
Updated

CVSS v3.1
HIGH (8.5)
EPSS
0.01%

KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🟠 CVE-2025-28949 - High (8.5)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: fr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • SmarterTools
  • SmarterMail

29 Dec 2025
Published
29 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.18%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


CSA has published guidance on CVE-2025-52691, a critical SmarterMail vulnerability enabling potential unauthenticated remote code execution through arbitrary file uploads.

Although exploitation has not been observed, the advisory highlights the continued exposure of mail server infrastructure and the importance of timely upgrades to fixed builds.

Engage in the discussion and follow TechNadu for sober, research-driven security reporting.

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Python Software Foundation
  • CPython

03 Dec 2025
Published
22 Dec 2025
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.16%

KEV

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Just published a deep dive on #SUSE's critical security advisory (SUSE-SU-2025:4538-1) for CVE-2025-12084. It's more than just a patch note. Read more: 👉 tinyurl.com/4van5vp7 #Security
  • 0
  • 0
  • 0
  • Last hour

Overview

  • kromitgmbh
  • titra

31 Dec 2025
Published
31 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.20%

KEV

Description

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM instance to execute as code. Without sanitization, this leads to remote code execution. Version 0.99.49 fixes the issue.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


🔴 CVE-2025-69288 - Critical (9.1)

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitizati...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 15h ago
Showing 1 to 10 of 18 CVEs