Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

mongodb vulnerabilities and exploits

(subscribe to this query)
3.1
CVSSv3

CVE-2025-3082

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version before 5.0.31, MongoDB Server v6.0 version before 6.0.20, MongoDB Server v7...
Mongodb Mongodb 5.0.0Mongodb Mongodb 5.0.1Mongodb Mongodb 5.0.2Mongodb Mongodb 5.0.3Mongodb Mongodb 5.0.4Mongodb Mongodb 5.0.5Mongodb Mongodb 5.0.6Mongodb Mongodb 5.0.7Mongodb Mongodb 5.0.8Mongodb Mongodb 5.0.9Mongodb Mongodb 5.0.10Mongodb Mongodb 5.0.11
7.5
CVSSv3

CVE-2025-3083

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions before 5.0.31, MongoDB v6.0 versions before 6.0.20 and MongoDB v7.0 versions...
Mongodb Mongodb 5.0.0Mongodb Mongodb 5.0.1Mongodb Mongodb 5.0.2Mongodb Mongodb 5.0.3Mongodb Mongodb 5.0.4Mongodb Mongodb 5.0.5Mongodb Mongodb 5.0.6Mongodb Mongodb 5.0.7Mongodb Mongodb 5.0.8Mongodb Mongodb 5.0.9Mongodb Mongodb 5.0.10Mongodb Mongodb 5.0.11
6.5
CVSSv3

CVE-2025-3084

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 before 5.0.31, MongoDB Server v6.0 before 6.0.20, MongoDB Server v7.0 before 7.0.16 and Mo...
Mongodb Mongodb 5.0.0Mongodb Mongodb 5.0.1Mongodb Mongodb 5.0.2Mongodb Mongodb 5.0.3Mongodb Mongodb 5.0.4Mongodb Mongodb 5.0.5Mongodb Mongodb 5.0.6Mongodb Mongodb 5.0.7Mongodb Mongodb 5.0.8Mongodb Mongodb 5.0.9Mongodb Mongodb 5.0.10Mongodb Mongodb 5.0.11
6.4
CVSSv2

CVE-2012-6619

The default configuration for MongoDB prior to 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Mongodb MongodbMongodb Mongodb 1.2.0Mongodb Mongodb 1.4.0Mongodb Mongodb 1.6.0Mongodb Mongodb 1.8.0Mongodb Mongodb 2.0.0Mongodb Mongodb 2.0.1Mongodb Mongodb 2.0.2Mongodb Mongodb 2.0.3Mongodb Mongodb 2.0.4Mongodb Mongodb 2.0.5Mongodb Mongodb 2.0.6
6
CVSSv2

CVE-2013-1892

MongoDB prior to 2.0.9 and 2.2.x prior to 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted ...
Mongodb MongodbMongodb Mongodb 1.2.0Mongodb Mongodb 1.4.0Mongodb Mongodb 1.6.0Mongodb Mongodb 1.8.0Mongodb Mongodb 2.0.0Mongodb Mongodb 2.0.1Mongodb Mongodb 2.0.2Mongodb Mongodb 2.0.3Mongodb Mongodb 2.0.4Mongodb Mongodb 2.0.5Mongodb Mongodb 2.0.6
5
CVSSv2

CVE-2015-1609

MongoDB prior to 2.4.13 and 2.6.x prior to 2.6.8 allows remote malicious users to cause a denial of service via a crafted UTF-8 string in a BSON request.
Fedoraproject Fedora 21Mongodb MongodbMongodb Mongodb 2.6.0Mongodb Mongodb 2.6.1Mongodb Mongodb 2.6.2Mongodb Mongodb 2.6.3Mongodb Mongodb 2.6.4Mongodb Mongodb 2.6.5Mongodb Mongodb 2.6.6Mongodb Mongodb 2.6.7
6.5
CVSSv2

CVE-2013-4650

MongoDB 2.4.x prior to 2.4.5 and 2.5.x prior to 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
Mongodb Mongodb 2.4.0Mongodb Mongodb 2.4.1Mongodb Mongodb 2.4.2Mongodb Mongodb 2.4.3Mongodb Mongodb 2.4.4Mongodb Mongodb 2.5.0
6.5
CVSSv2

CVE-2013-3969

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 up to and including 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Mongodb Mongodb 2.4.0Mongodb Mongodb 2.4.1Mongodb Mongodb 2.4.2Mongodb Mongodb 2.4.3Mongodb Mongodb 2.4.4
8.4
CVSSv3

CVE-2025-0755

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible appli...
Mongodb Libbson 0.2.0Mongodb Libbson 0.2.2Mongodb Libbson 0.2.4Mongodb Libbson 0.4.0Mongodb Libbson 0.5.0Mongodb Libbson 0.6.0Mongodb Libbson 0.6.2Mongodb Libbson 0.6.4Mongodb Libbson 0.6.6Mongodb Libbson 0.6.8Mongodb Libbson 0.8.0Mongodb Libbson 0.8.2
7.6
CVSSv3

CVE-2025-1691

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using &lsq...
Mongodb Mongosh 0.2.2Mongodb Mongosh 0.3.1Mongodb Mongosh 0.4.0Mongodb Mongosh 0.4.2Mongodb Mongosh 0.5.0Mongodb Mongosh 0.5.2Mongodb Mongosh 0.6.1Mongodb Mongosh 0.7.7Mongodb Mongosh 0.8.0Mongodb Mongosh 0.8.1Mongodb Mongosh 0.8.2Mongodb Mongosh 0.9.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-42599CVE-2025-3808phpgurukulinsecure direct object referenceCVE-2025-3840CVE-2025-43967men salon management systemdenial of servicevirtuemart component for joomlapritunlLFICVE-2025-32433CVE-2022-47112
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook