All articles tagged with #database security
A critical vulnerability in MongoDB, CVE-2025-14847, allows unauthenticated attackers to remotely leak sensitive data by exploiting a flaw in zlib compression, with over 87,000 instances potentially affected worldwide. Users are advised to update their MongoDB versions and implement mitigations such as disabling zlib compression and restricting server exposure.
A critical security vulnerability in MongoDB (CVE-2025-14847) allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive data. The flaw affects multiple versions and has been patched in newer releases; users are advised to upgrade or disable zlib compression to mitigate risks.
Mondee, a travel giant, had an exposed database that contained sensitive customer information, including flight and hotel itineraries and unencrypted credit card numbers. The database, which was accessible without a password, contained personal information such as names, addresses, passport numbers, and full credit card details. The exposed data was verified to be accurate, and it is unclear how the database became publicly accessible. Mondee has not acknowledged the incident or commented on whether affected customers will be notified.