CVE-2025-6709 – MongoDB OIDC Date Denial of Service

June 26, 2025

CVE ID : CVE-2025-6709

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5.

The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6707 – MongoDB Privilege Escalation Vulnerability

Next Article CVE-2025-6706 – MongoDB Server Use After Free Vulnerability

Highlights

CVE-2025-5179 – Realce Tecnologia Queue Ticket Kiosk Cross-Site Scripting Vulnerability

May 26, 2025

CVE ID : CVE-2025-5179

Published : May 26, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

My laptop webcam wasn’t cutting it for video calls – then I discovered this accessory

The top 6 TVs ZDNET readers are buying (no. 1 has the best picture quality we’ve ever seen)

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

Can these $100 Android phones replace my flagship? The result after weeks of testing

A bot posting the Echo JS RSS feed to Bluesky

A bot posting the Echo JS RSS feed to Bluesky

Accepting Multiple Parameters in Laravel Commands

Translate Your App to Other Languages With Laravel Gemini Translator

Distribution Release: deepin 25

Distribution Release: deepin 25

SpicyPass is a lightweight password manager

Raspberry Pi 5 Desktop Mini PC: 2.5Gbps Networking

CVE-2025-6709 – MongoDB OIDC Date Denial of Service

CVE-2025-48922 – Drupal GLightbox Cross-Site Scripting (XSS) Vulnerability

CVE-2025-48923 – Drupal Toc.Js Cross-Site Scripting (XSS)

How tech giants like Netflix built resilient systems with chaos engineering

CVE-2025-52488 – DNN NTLM Hash Exposure Vulnerability

Oxford City Council Cyberattack Disrupts Services and Exposes Historic Election Data

Microsoft fixes Surface Hub boot issues with emergency update

CVE-2025-5179 – Realce Tecnologia Queue Ticket Kiosk Cross-Site Scripting Vulnerability

Rilasciato Wine 10.9: Novità e Miglioramenti

Critical AWS Amplify Studio Flaw Allows Code Execution – Update Now!

How to Build a REST API in Django

CVE-2025-6709 – MongoDB OIDC Date Denial of Service

Related Posts