cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1756,https://securityvulnerability.io/vulnerability/CVE-2025-1756,Local Privilege Escalation Vulnerability in MongoDB Shell by MongoDB,"The MongoDB Shell (mongosh) version prior to 2.3.0 is susceptible to local privilege escalation when a specially crafted file is placed in C:\node_modules\. This vulnerability may allow unauthorized actions on a user's system, potentially compromising user data and system integrity. It is essential for users to update to the latest version to mitigate this security risk.",MongoDB,Mongosh,7.5,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-27T15:28:11.633Z,0
CVE-2025-1693,https://securityvulnerability.io/vulnerability/CVE-2025-1693,Control Character Injection Vulnerability in MongoDB Shell,"The MongoDB Shell is vulnerable to control character injection, enabling an attacker who has control over the database cluster contents to inject misleading control characters into the shell output. This manipulation could lead to the display of deceptive messages that may seem to emanate from mongosh or the operating system itself. As a consequence, users could be misled into executing unsafe actions. The vulnerability is present when mongosh connects to a database cluster that is either partially or fully controlled by an attacker, thus posing a significant security risk for database operations.",MongoDB,Mongosh,3.9,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-27T12:39:37.520Z,0
CVE-2025-1692,https://securityvulnerability.io/vulnerability/CVE-2025-1692,Control Character Injection Vulnerability in MongoDB Shell,"The MongoDB Shell is vulnerable to a control character injection, which can be exploited by an attacker who gains access to a user's clipboard. This vulnerability allows malicious users to paste obfuscated code into the MongoDB Shell (mongosh), potentially leading to arbitrary code execution. The issue specifically affects versions of mongosh before 2.3.9, making it critical for users to upgrade to secure their environments against such injection threats.",MongoDB,Mongosh,6.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-27T12:37:00.376Z,0
CVE-2025-1691,https://securityvulnerability.io/vulnerability/CVE-2025-1691,Control Character Injection Vulnerability in MongoDB Shell by MongoDB,"The MongoDB Shell presents a control character injection vulnerability that allows an attacker to manipulate the autocompletion feature. If a user unwittingly engages the autocomplete function by pressing 'tab', they can execute previously obfuscated malicious commands. This exploitation is contingent on the MongoDB Shell being connected to a cluster that the attacker controls, either partially or fully. Versions of mongosh prior to 2.3.9 are particularly susceptible to this vulnerability.",MongoDB,Mongosh,7.6,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-27T12:34:02.752Z,0