CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
[KIS-2025-11] Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Tue, 23 Dec 2025 12:18:17 +0100 -------------------------------------------------------------------------------- ...
-
seclists.org
[KIS-2025-10] PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Tue, 23 Dec 2025 12:17:34 +0100 ---------------------------------------------------------------------- PKP-WAL < ...
-
CybersecurityNews
87,000+ MongoDB Instances Vulnerable to MongoBleed Flaw Exposed Online – PoC Exploit Released
A high-severity vulnerability in MongoDB Server that allows unauthenticated remote attackers to siphon sensitive data from database memory. Dubbed “MongoBleed” due to its automated similarities to the ...
-
security.nl
NCSC verwacht op korte termijn misbruik van MongoDB-kwetsbaarheid
Het Nationaal Cyber Security Centrum (NCSC) verwacht dat aanvallers op korte termijn misbruik zullen maken van een kwetsbaarheid in MongoDB waarvoor een aantal dagen geleden een beveiligingsupdate ver ...
-
CybersecurityNews
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimo ...
-
TheCyberThrone
CVE-2025-14847 affecting MongoDB
December 27, 2025CVE-2025-14847 exposes MongoDB Server to unauthenticated remote attacks through malformed zlib-compressed protocol headers, leaking uninitialized heap memory on port 27017. This high- ...
-
The Hacker News
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. Th ...
-
CybersecurityNews
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branch ...
-
CybersecurityNews
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive do ...
-
The Cyber Express
Critical Net-SNMP Flaw CVE-2025-68615 Allows Remote Buffer Overflow and Service Crashes
A newly disclosed security issue in the Net-SNMP software suite has raised serious concerns for organizations that rely on the protocol to monitor and manage network infrastructure. The vulnerability, ...