
7 matches found

OSV
added 2026/03/17 5:31 p.m., 1 view

CLSA-2026-1773768694 Fix CVE(s): CVE-2025-14847

SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers MongoBleed - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847...

CVSS 8.7, AI score 6.1, EPSS 0.62808
Exploits: 38, References: 1
IBM Security Bulletins
added 2026/03/06 8:29 p.m., 7 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Handling of Length Parameter Inconsistency (CVE-2025-14847)

Summary: There is a vulnerability in MongoDB Server used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-14847. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2025-14847. DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of...

CVSS 8.7, AI score 5.7, EPSS 0.62808
Exploits: 38, Affected Software: 1
CISA KEV Catalog
added 2025/12/29 12:00 a.m., 18 views

MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client...

CVSS 8.7, AI score 7.1, EPSS 0.62808
In wild, Exploits: 38
VulnCheck KEV
added 2025/12/28 12:00 a.m., 2 views

VulnCheck KEV: CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

CVSS 8.7, AI score 5.8, EPSS 0.62808
In wild, Exploits: 38, References: 10
NCSC
added 2025/12/27 11:38 a.m., 7 views

Vulnerability fixed in MongoDB

MongoDB developers have fixed a vulnerability in MongoDB. The vulnerability with reference CVE-2025-14847 allows an unauthenticated remote attacker to read uninitialized heap memory. It is caused by improperly processing length parameters in Zlib-compressed protocol headers. Misuse of the...

CVSS 8.7, AI score 6.7, EPSS 0.62808
Exploits: 38, References: 2
OSV
added 2025/12/19 11:15 a.m., 1 view

UBUNTU-CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

CVSS 8.7, AI score 7.3, EPSS 0.62808
Exploits: 38, References: 5
Positive Technologies
added 2025/12/19 12:00 a.m., 9 views

PT-2025-52440

Name of the Vulnerable Software and Affected Versions: MongoDB versions 3.6 through 8.2.3. Description: MongoDB is vulnerable to a critical remote code execution (RCE) vulnerability, CVE-2025-14847, dubbed "MongoBleed." This flaw stems from improper handling of zlib-compressed protocol headers, allowin...

CVSS 9.8, AI score 8.9, EPSS 0.62808
Exploits: 38