90 matches found

Positive Technologies
added 2026/04/16 12:00 a.m., 4 views

PT-2026-33367

Name of the Vulnerable Software and Affected Versions: spdystream versions prior to 0.5.1. Description: The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count i...

9.8 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits: 0, References: 422

RedhatCVE
added 2026/03/26 3:11 p.m., 4 views

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9 CVSS, 5.8 AI score, 0.00644 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2026/03/16 5:32 p.m., 5 views

SUSE CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

5.3 CVSS, 5.8 AI score, 0.00644 EPSS
Exploits: 0, References: 6

Debian CVE
added 2026/03/13 9:11 a.m., 3 views

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9 CVSS, 7.3 AI score, 0.00644 EPSS
Exploits: 0

OSV
added 2026/03/13 9:11 a.m., 2 views

EEF-CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Summary: Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

6.9 CVSS, 7.2 AI score, 0.00644 EPSS
Exploits: 0, References: 6

OSV
added 2026/03/05 2:16 a.m., 5 views

AZL-79410 CVE-2026-3381 affecting package python-tensorflow-estimator 2.11.0-2

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

9.8 CVSS, 5.8 AI score, 0.00548 EPSS
Exploits: 1, References: 1

Information Security Automation
added 2026/01/19 1:55 p.m., 9 views

About Information Disclosure – MongoDB “MongoBleed” (CVE-2025-14847) vulnerability

About Information Disclosure - MongoDB "MongoBleed" CVE-2025-14847 vulnerability. MongoDB is a popular NoSQL database that stores data as JSON-like documents with an optional schema. The project is licensed under the SSPL. A flaw in MongoDB’s handling of the data length parameter during zlib...

8.7 CVSS, 5.6 AI score, 0.83007 EPSS
Exploits: 39

IBM Security Bulletins
added 2026/01/15 7:48 p.m., 16 views

Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability

Summary: IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details: CVEID: CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...

8.7 CVSS, 7 AI score, 0.83007 EPSS
Exploits: 39, Affected Software: 1

GithubExploit
added 2025/12/30 3:14 p.m., 243 views

Exploit for CVE-2025-14847

CVE-2025-14847 - MongoBleed...

8.7 CVSS, 7.2 AI score, 0.83007 EPSS
Exploits: 39

GithubExploit
added 2025/12/29 9:34 p.m., 149 views

Exploit for CVE-2025-14847

CVE-2025-14847 MongoBleed 📜 Des...

8.7 CVSS, 6.9 AI score, 0.83007 EPSS
Exploits: 39

Rapid7 Blog
added 2025/12/29 2:16 p.m., 12 views

MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

Overview: On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world's most popular document-oriented databases. While...

8.7 CVSS, 7 AI score, 0.83007 EPSS
Exploits: 39

Rockylinux
added 2025/12/27 9:04 a.m., 5 views

mingw-zlib security update

An update is available for mingw-zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zlib packages provide a general-purpose lossless data compression...

7.5 CVSS, 8.1 AI score, 0.51733 EPSS
Exploits: 1

OSV
added 2025/12/19 11:15 a.m., 7 views

BIT-MONGODB-2025-14847 Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7 CVSS, 6.9 AI score, 0.83007 EPSS
Exploits: 39, References: 4

CNNVD
added 2025/12/19 12:00 a.m., 9 views

MongoDB Server security vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server, which stems from a Zlib compression protocol...

8.7 CVSS, 6.7 AI score, 0.83007 EPSS
Exploits: 39, References: 3

FreeBSD
added 2025/12/19 12:00 a.m., 12 views

MongoDB -- Improper Handling of Length Parameter Inconsistency

https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client...

8.7 CVSS, 6.8 AI score, 0.83007 EPSS
Exploits: 39, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-6986

Malware in sbrugna...

6.8 CVSS, 7.5 AI score, 0.02809 EPSS
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-3918

Malware in sbrugna...

3.3 CVSS, 6 AI score, 0.00623 EPSS
Exploits: 0, References: 26

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-2166

Malware in sbrugna...

4.3 CVSS, 7.3 AI score, 0.01971 EPSS
Exploits: 1, References: 23

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-8598

Malware in sbrugna...

5.5 CVSS, 5.5 AI score, 0.01701 EPSS
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2004-0795

Malware in sbrugna...

2.1 CVSS, 8.9 AI score, 0.00476 EPSS
Exploits: 0, References: 22