PT-2026-2158

Name of the Vulnerable Software and Affected Versions zlib versions up to and including 1.3.1.2 Description zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname function uses an unbounded strcpy call to copy an attacker-supplied archive nam...

PT-2026-6114

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to handling crypto compressors during hibernation. Specifically, the crypto alloc acomp function can return an error pointer ERR PTR instead of...

PT-2026-21766

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.2 NATS-Server versions prior to 2.12.3 Description NATS-Server, a high-performance messaging system, has an issue in its WebSocket implementation. The server handles compressed messages via WebSocket negotiat...

Exploit for CVE-2025-14847

CVE-2025-14847 - MongoBleed !Pythonhttps://img.shields.io...

Exploit for CVE-2025-14847

CVE-2025-14847 CVE-2025-14847 Vulnerability Environment with a...

Exploit for CVE-2025-14847

CVE-2025-14847 MongoBleed 📜 Des...

MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

Overview On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world's most popular document-oriented databases. While...

mingw-zlib security update

An update is available for mingw-zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The zlib packages provide a general-purpose lossless data compression...

RLSA-2022:7813 Important: mingw-zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 For more details about the security issues, including the impact, a CV...

RockyLinux 8 : mingw-zlib (RLSA-2022:7813)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7813 advisory. zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 Tenable has extracted the preceding description block directly from th...

Linux Distros Unpatched Vulnerability : CVE-2023-54068

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is...

CVE-2023-54068

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwritebackstruct folio folio...

UBUNTU-CVE-2023-54068

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwritebackstruct folio folio...

SUSE CVE-2024-29370

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CLSA-2025-1765997462 unbound: Fix of CVE-2024-8508

CVE-2024-8508: limit number of name compression calculations per packet to prevent denial of service attacks...

BIT-MONGODB-2025-14847 Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

SUSE-SU-2025:4489-1 Security update for netty

This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling bsc1255048. Other updates and bugfixes: -...

SUSE CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

MongoDB Server 安全漏洞

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server, which stems from a Zlib compression protocol...

MongoDB -- Improper Handling of Length Parameter Inconsistency

https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client...