Where
-Infinity
0

Trending

Last week
Last month
Last year

MongoDB MongoDBUsing MaxKey() may crash the server

Risk 40
Severity
7.1
First published (updated )
CVE-2026-9749

A week after Dutch FIOD seized 800+ servers, the hosting network's ASN (AS209847) is still scanning at its normal daily rate

First published (updated )
Social
reddit

MongoDB MongoDBPost-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Risk 27
Severity
5.3
EPSS
0.05%
First published (updated )
CVE-2026-8202

MongoDB MongoDBPost-authentication use-after-free error in $_internalJsEmit and mapreduce commands

Risk 51
Severity
7.7
EPSS
0.08%
First published (updated )
CVE-2026-8336

MongoDB MongoDBUse-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

Risk 56
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2026-8201
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

MongoDB MongoDBSchema validation log messages may not redact user data

Risk 19
Severity
4.8
EPSS
0.04%
First published (updated )
CVE-2026-8200

MongoDB MongoDBPost-auth memory exhaustion via bitwise match expressions

Risk 29
Severity
7.1
EPSS
0.05%
First published (updated )
CVE-2026-8199

MongoDB MongoDBFlatBSON Duplicate Field Index Drift

Risk 56
Severity
8.7
EPSS
0.07%
First published (updated )
CVE-2026-8053

MongoDB MongoDB ServerPost-auth null pointer dereference when aggregating against a view with empty search pipeline

Risk 29
Severity
7.1
EPSS
0.04%
First published (updated )
CVE-2026-8063

MongoDB MongoDBFlaw in the updateUser Command May Allow Unauthorized Configuration Change

Risk 33
Severity
5.3
EPSS
0.05%
First published (updated )
CVE-2026-6915
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

MongoDB MongoDBMD5 checksum creation may cause availability loss

Risk 31
Severity
7.1
EPSS
0.04%
First published (updated )
CVE-2026-6914

MongoDB MongoDBUsers could trigger a crash of mongod primaries during promotion to sharded

Risk 25
Severity
6
EPSS
0.05%
First published (updated )
CVE-2026-5170

MongoDB MongoDBMemory safety issues in slot-based execution hash table spill

Risk 37
Severity
6.1
EPSS
0.08%
First published (updated )
CVE-2026-4358

MongoDB MongoDBExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

Risk 56
Severity
8.8
EPSS
0.05%
First published (updated )
CVE-2026-4148

MongoDB MongoDBStack memory disclosure in filemd5 command

Risk 29
Severity
7.1
EPSS
0.03%
First published (updated )
CVE-2026-4147
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

MongoDB MongoDBAn unsafe cast in the MongoDB query planner can result in a segmentation fault.

Risk 29
Severity
7.1
EPSS
0.05%
First published (updated )
CVE-2026-25613

MongoDB MongoDBMongod can run out of stack memory when expressions create deeply nested documents

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1849

MongoDB MongoDBAn authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1850

MongoDB MongoDBprofile command may permit unauthorized configuration

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )
CVE-2026-25609

MongoDB MongoDBInvalid $geoNear index hint may cause server crash

Risk 29
Severity
7.1
EPSS
0.05%
First published (updated )
CVE-2026-25610
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

MongoDB MongoDBConnections received from the proxy port may not count towards total accepted connections

Risk 43
Severity
8.2
First published (updated )
CVE-2026-1848

MongoDB MongoDBMongoDB Server may crash when inserting large documents

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1847

MongoDB MongoDBInteger Overflow in GridFS chunkSize Leading to Heap Allocation Failure

Risk 40
Severity
7.1
First published (updated )
CVE-2025-14911

oss-sec"MongoBleed" CVE-2025-14847 in many versions of MongoDB

First published (updated )
https://seclists.org/oss-sec/2025/q4/326

BleepingComputerMongoDB warns admins to patch severe RCE flaw immediately

Exploited
First published (updated )
News
BleepingComputer
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

BleepingComputerMongoDB warns admins to patch severe vulnerability immediately

Exploited
First published (updated )
News
BleepingComputer

MongoDB MongoDB ServerMongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability

Risk 65
Severity
8.7
Exploited
First published (updated )
CVE-2025-14847

MongoDB MongoDBCross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server

Risk 34
Severity
5.4
First published (updated )
CVE-2025-14345

MongoDB MongoDBMongoDB may be susceptible to Invariant Failure due to batched delete

Risk 43
Severity
7.5
First published (updated )
CVE-2025-13644

MongoDB MongoDBMongoDB Server may allow queries to be terminated by unauthorized users

Risk 38
Severity
6.5
First published (updated )
CVE-2025-13643
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203