Predicting MongoDB ObjectId() continuously in Rocket.Chat
Aikido's AI pentester found this file-access flaw in Rocket.Chat. A closer look at MongoDB's ObjectId() showed the weak randomness that makes it exploitable. Category: Vulnerabilities & Threats
Read the full articleYou might also wanna read
mlmongo
mongodb数据库操作工具类
MongoBleed Vulnerability (CVE-2025-14847): Critical MongoDB Security Flaw Explained
CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017, here
MongoDB Security Update: Vulnerability CVE-2025-14847 ("Mongobleed") Identified in December 2025
The following is an update on the security vulnerability identified in December 2025.

WAF - WAF Release - 2025-07-28
This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a mem
Connect MongoDB to Dremio Cloud: SQL Analytics on Document Data
MongoDB is the most popular NoSQL document database. It stores data in flexible JSON-like documents, making it ideal for applications with e
Defending a Self-Hosted Git Forge Against AI Scraping Attacks
A summary of the techniques in place to protect my git forge

Comments
Sign in to join the conversation.
No comments yet. Be the first.