The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2025-14847

• Severity: 8.6 HIGH
• Impacted Products: MongoDB Server
• Description: MongoDB Server is affected by an information disclosure vulnerability due to improper handling of length parameters in Zlib compressed protocol headers. This flaw allows an unauthenticated remote client to read uninitialized heap memory from the server.
• Remediation:
  • [SERVER-115508] Make minimally sized buffers for uncompressed Messages - MongoDB Jira
• More Info: NVD - CVE-2025-14847
• PoC:
  • https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-
  • https://github.com/Ashwesker/Ashwesker-CVE-2025-14847/blob/main/CVE-2025-14847.py
  • https://github.com/ProbiusOfficial/CVE-2025-14847

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.