ROS-20251031-01
A vulnerability in the MongoDB database management system is related to incorrect processing of certain accumulator functions when additional parameters are specified in the $group operation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
EUVD-2025-19177
Malicious code in bioql PyPI...
MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.4 Unexpected Behavior (SERVER-106746)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-106746 advisory. - An authenticated user may trigger a use after free that may result in MongoDB Server...
CVE-2025-6706
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...
CVE-2025-6706
CVE-2025-6706 affects MongoDB Server when the SBE engine is enabled. An authenticated user can trigger a use-after-free via a specific aggregation pipeline pattern, potentially crashing the server and causing other unexpected behavior without needing shutdown privileges. Affected versions are Mon...
PT-2025-26971
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.21; MongoDB Server versions prior to 7.0.17; MongoDB Server versions prior to 8.0.4. Description: An authenticated user may trigger a use after free, resulting in a MongoDB Server crash and other unexpected...