CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

May 17, 2025

CVE ID : CVE-2025-40906

Published : May 16, 2025, 4:15 p.m. | 16 hours, 29 minutes ago

Description : BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.

Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.

BSON-XS was the official Perl XS implementation of MongoDB’s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4818 – SourceCodester Doctor’s Appointment System SQL Injection

Next Article Rilasciati Wine 10.8 e GE-Proton 10.1: tutte le novità per GNU/Linux

Highlights

CVE-2025-46716 – Sandboxie Kernel Pointer Read Vulnerability

May 22, 2025

CVE ID : CVE-2025-46716

Published : May 22, 2025, 5:15 p.m. | 1 hour, 36 minutes ago

Description : Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

AMD Ryzen Chipset Driver Update 7.06.02.123 Adds CETCOMPAT Support

New Pressures, Old Systems: Why Government CISOs Are Calling for Cyber Resilience Now

I tested this 16,000mAh Android phone with a built-in smartwatch – here’s my verdict a week later

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

CVE-2025-46716 – Sandboxie Kernel Pointer Read Vulnerability

Celebrating GAAD by Committing to Universal Design: Equitable Use

CVE-2025-24473 – Fortinet FortiClient Information Disclosure

Want to upgrade your home’s tech? First, assess your energy maturity – here’s how

CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

Related Posts