CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

May 17, 2025

CVE ID : CVE-2025-40906

Published : May 16, 2025, 4:15 p.m. | 16 hours, 29 minutes ago

Description : BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.

Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.

BSON-XS was the official Perl XS implementation of MongoDB’s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4818 – SourceCodester Doctor’s Appointment System SQL Injection

Next Article Rilasciati Wine 10.8 e GE-Proton 10.1: tutte le novità per GNU/Linux

Highlights

CVE-2025-34118 – Linknat VOS Manager Path Traversal Vulnerability

July 16, 2025

CVE ID : CVE-2025-34118

Published : July 16, 2025, 9:15 p.m. | 5 hours, 47 minutes ago

Description : A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as ‘/eng/’, ‘/chs/’, or ‘/cht/’, where the ‘js/lang_en_us.js’ or equivalent files are loaded. By injecting encoded traversal sequences such as ‘%c0%ae%c0%ae’ into the request path, attackers can bypass input validation and disclose sensitive files.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

14 secret phone codes that unlock hidden features on your Android and iPhone

Stop using AI for these 9 work tasks – here’s why

A smart sensor assessed my home’s risk of electrical fires, and I was impressed

I brought Samsung’s rugged Galaxy tablet on a hiking trip, and it weathered everything

AI’s Hidden Thirst: The Water Behind Tech

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

Maintaining Data Consistency with Laravel Database Transactions

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

3 Best Antivirus and Malware Protection Software

11 Best Antivirus Without Ads

CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Maingear’s new 18-inch powerhouse has one feature I’ve never seen on another gaming laptop

Amfora is a terminal browser for the Gemini protocol

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

University of Michigan Researchers Introduce OceanSim: A High-Performance GPU-Accelerated Underwater Simulator for Advanced Marine Robotics

CVE-2025-34118 – Linknat VOS Manager Path Traversal Vulnerability

CVE-2025-3710 – “KVM Over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability”

How to Set Up the New Google Auth in a React and Express App

The 5-Hour Cold Email Dilemma: How to Reclaim Your Time and Boost Outreach Efficiency

CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

Related Posts