Tag Archives: MongoBleed

February Linux Patch Wednesday

Leave a reply

February Linux Patch Wednesday

February Linux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities – 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation:

🔻 RCE – Chromium (CVE-2026-2441)
🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847)

Public exploits are available or suspected for 56 more vulnerabilities. Notable ones include:

🔸 RCE – OpenSSL (CVE-2025-15467, CVE-2025-69421, CVE-2025-11187), pgAdmin (CVE-2025-12762, CVE-2025-13780), DiskCache (CVE-2025-69872), PyTorch (CVE-2026-24747), Wheel (CVE-2026-24049)
🔸 AuthBypass – M/Monit (CVE-2020-36968)
🔸 EoP – Grafana (CVE-2025-41115, CVE-2026-21721), M/Monit (CVE-2020-36969)
🔸 AFR – Proxmox Virtual Environment (CVE-2024-21545)
🔸 SFB – Chromium (CVE-2026-1504), Roundcube (CVE-2026-25916)

🗒 Full Vulristics report

На русском

January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB

Leave a reply

January In the Trend of VM (#23): vulnerabilities in Windows, React and MongoDB

January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

In total, three vulnerabilities:

🔻 EoP – Windows Cloud Files Mini Filter Driver (CVE-2025-62221)
🔻 RCE – React Server Components “React2Shell” (CVE-2025-55182)
🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847)

🟥 Trending Vulnerabilities Portal

На русском

About Information Disclosure – MongoDB “MongoBleed” (CVE-2025-14847) vulnerability

Leave a reply

About Information Disclosure - MongoDB MongoBleed (CVE-2025-14847) vulnerability

About Information Disclosure – MongoDB “MongoBleed” (CVE-2025-14847) vulnerability. MongoDB is a popular NoSQL database that stores data as JSON-like documents with an optional schema. The project is licensed under the SSPL. A flaw in MongoDB’s handling of the data length parameter during zlib compression allows a remote, unauthenticated attacker to access uninitialized memory and, consequently, sensitive data (credentials, keys, customer data, etc.).

⚙️ “Critical fix” was released on December 19. The vulnerability is fixed in versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

🛠👾 A public exploit appeared on GitHub on December 26. Exploiting it only requires specifying a host, port, and memory read offsets. Immediately after the exploit was published, mass exploitation began, according to Wiz. The vulnerability was added to the CISA KEV on December 29.

🌐 Censys reports ~86k vulnerable servers online, including ~2k in Russia.

На русском