Alireza Gharib Blog

CVE-2025-23061 – Mongoose Search Injection Vulnerability

CVE ID : CVE-2025-23061

Published : Jan. 15, 2025, 5:15 a.m. | 1 hour, 53 minutes ago

Description : Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Go to Source

Tags: #cve, #cybersecurity, #security

Related Posts

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast Vulnerable Moxa devices expose industrial networks to attacks Vulnerability Overload: 40,000+ CVEs in 2024 Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE Top Cybersecurity Certifications to Boost Your Career in 2025 Threat Actors Exploit a Critical Ivanti RCE Bug, Again Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766 TheCyberThrone Security Weekly Review – January 11, 2025 TheCyberThrone Security Weekly Review – January 04, 2025 SonicWall waarschuwt voor actief misbruikt lek in SSLVPN-functie firewalls SonicWall urges admins to patch exploitable SSLVPN bug immediately SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS SimpleHelp Urgents to Patch Critical Security Vulnerabilities Secure Your Repos: go-git Patches Critical Vulnerability – CVE-2025-21613 (CVSS 9.8) Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887 Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Redis was affected by CVE-2024-51741 and CVE-2024-46981 Nuclei flaw lets malicious templates bypass signature verification
, , , ,
, ,
Recent Posts