Search CVE reports

Toggle filters

1 – 10 of 1758 results

CVE-2025-14345

Medium priority
Needs evaluation

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-13699

Medium priority
Needs evaluation

[Unknown description]

1 affected package

mariadb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mariadb Needs evaluation Not in release
Show less packages

CVE-2025-13644

Medium priority
Needs evaluation

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-13643

Medium priority
Needs evaluation

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-13507

Medium priority
Needs evaluation

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-12893

Medium priority
Needs evaluation

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage...

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-12119

Medium priority
Needs evaluation

A mongoc_bulk_operation_t may read invalid memory if large options are passed.

2 affected packages

mongo-c-driver, php-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongo-c-driver Needs evaluation Needs evaluation Needs evaluation
php-mongodb Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-12657

Medium priority
Needs evaluation

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

1 affected package

mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2025-53069

Medium priority

Some fixes available 4 of 11

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high...

11 affected packages

mysql-5.5, mysql-5.7, mysql-8.0, mysql-8.4, mariadb...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mysql-5.5 Not in release Not in release
mysql-5.7 Not in release Not in release Ignored
mysql-8.0 Fixed Fixed Needs evaluation
mysql-8.4 Not in release Not in release
mariadb Not affected Not in release
mariadb-10.0 Not in release Not in release
mariadb-10.1 Not in release Not in release Not affected
mariadb-10.3 Not in release Not in release Ignored
mariadb-10.6 Not in release Not affected
percona-xtradb-cluster-5.6 Not in release Not in release
percona-server-5.6 Not in release Not in release
Show all 11 packages Show less packages

CVE-2025-53067

Medium priority
Needs evaluation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access...

11 affected packages

mysql-5.5, mysql-5.7, mysql-8.0, mysql-8.4, mariadb...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mysql-5.5 Not in release Not in release
mysql-5.7 Not in release Not in release Ignored
mysql-8.0 Not affected Not affected Not affected
mysql-8.4 Not in release Not in release
mariadb Not affected Not in release
mariadb-10.0 Not in release Not in release
mariadb-10.1 Not in release Not in release Not affected
mariadb-10.3 Not in release Not in release Ignored
mariadb-10.6 Not in release Not affected
percona-xtradb-cluster-5.6 Not in release Not in release
percona-server-5.6 Not in release Not in release
Show all 11 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON