Public exposure trend analytics.
Quarterly research correlating Shodan banner data, NVD CVE catalog, and our proprietary scan dataset. We do not scan infrastructure we do not own — we analyze what the public internet already reveals.
Sources · Shodan · NVD/MITRE · BleedWatch proprietary scans · Last refresh: 2026-05-07
Public banner correlation
We read Shodan's continuously published banner data within their terms for derivative analysis, then cross-reference banner versions against the NVD CVE catalog. No active scanning by BleedWatch is performed on infrastructure we do not own.
Business-impact overlay
Our BVA scoring layer adds context that vanilla CVE feeds do not carry: exploit availability, lateral-move potential, breach scenario range, operating dependency, and owner-facing remediation urgency.
Refresh cadence
Quarterly published reports. Major CVEs trigger ad-hoc refreshes within 7 days of disclosure.
Database exposure landscape: Postgres, MySQL, MongoDB
This quarterly database exposure report correlates public Shodan banner data, NVD/MITRE CVE catalog entries, and BleedWatch business-impact scoring for common self-hosted database services. The current edition focuses on externally visible PostgreSQL, MySQL, and MongoDB banners because those systems often sit close to revenue data, identity data, and operational telemetry. We analyze CVE-2024-10977 in PostgreSQL libpq, CVE-2024-21102 in Oracle MySQL Server, CVE-2024-10921 in MongoDB Server, CVE-2024-6384 in MongoDB Enterprise Server, and CVE-2024-3374 in MongoDB Server. The report does not claim that BleedWatch actively scanned third-party infrastructure. Instead, it shows how already-published Shodan observations can be cross-referenced with NVD affected-version ranges, then prioritized with a BVA overlay for exploit preconditions, likely blast radius, and remediation urgency. Production report tables will replace sample chart shapes only after the pipeline exports verifiable counts. Until then, every visual in this preview is labeled illustrative and every unavailable number renders as a placeholder.
PostgreSQL
Client-side libpq error-message handling issue affecting versions before 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21.
MySQL
Oracle MySQL Server Thread Pooling flaw affecting 8.0.36 and prior, and 8.3.0 and prior, with availability impact.
MongoDB
MongoDB Server malformed BSON handling can trigger crashes or buffer over-read exposure for authorized users.
MongoDB Enterprise
MongoDB Enterprise Server hot backup files may be downloaded by underprivileged users if a backup identifier is acquired.
MongoDB Server
Unauthenticated users can trigger a fatal assertion while generating diagnostic metrics in affected MongoDB Server versions.
Exposure trend over 12 months
(Chart placeholder: 12 month window · Sample · Illustrative)
How we read a CVE: sample analysis of CVE-2024-10977
This section demonstrates the analysis pattern. It is not a live operational claim and does not state that BleedWatch scanned third-party infrastructure. Public banner figures remain placeholders until the production pipeline exports sourced counts.
Sample metadata
- Default port source: 5432
- BVA confidence: —
- Fixed version: 13.17
- Public count: live data syncing on next pipeline run
Banner correlation
Public Shodan stats expose a placeholder count (live data syncing on next pipeline run) of PostgreSQL instances globally on default port 5432. We read those public stats; we do not scan. Of the exported banner rows, the sample banner string PostgreSQL 13.x maps to the affected range from NVD.
Exploit availability
CVE-2024-10977 has public exploit metadata marked as TBD in this sample dataset. Upgrade path: PostgreSQL 13.17. Effort to exploit: low-to-medium in a malicious or man-in-the-middle server scenario.
Business impact (BVA)
Successful exploitation enables client-side result confusion for operators or automation reading untrusted server errors. Estimated breach exposure for a typical fintech mid-market profile: —. Recommended priority: P1 when affected libpq clients connect across untrusted network paths; otherwise prioritize through normal patch governance.
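The banner-to-NVD-range step described in the correlation method above and in this sample is shown here as an added example; it is not BleedWatch pipeline code. It assumes a banner export of (string, count) rows and uses the CVE-2024-10977 fix releases listed on this page; a server banner is only a proxy for the libpq build in use, so a hidden minor version ("13.x") is flagged for follow-up rather than counted as affected.

```python
import re
from collections import Counter
from typing import Optional, Tuple

# Fix releases for CVE-2024-10977 (libpq) as listed on the page; every release
# below the fix on its branch is affected.
FIXED_BY_MAJOR = {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21}
# Matches "PostgreSQL 13.16", "PostgreSQL 13.x" or "PostgreSQL 13" inside a banner.
BANNER_RE = re.compile(r"PostgreSQL\s+(\d+)(?:\.(\d+|x))?", re.IGNORECASE)

def parse_banner(banner: str) -> Optional[Tuple[int, Optional[int]]]:
    """Return (major, minor); minor is None when the banner hides it ('13.x')."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    minor = m.group(2)
    if minor is None or minor.lower() == "x":
        return int(m.group(1)), None
    return int(m.group(1)), int(minor)

def classify(banner: str) -> str:
    """Map one banner to a CVE-2024-10977 status: 'affected', 'fixed',
    'possibly-affected' (minor hidden, cannot resolve the range),
    'unlisted-branch' (no fix release on the page, e.g. EOL 11.x) or 'unparsed'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    major, minor = parsed
    if major not in FIXED_BY_MAJOR:
        return "unlisted-branch"
    if minor is None:
        return "possibly-affected"
    return "affected" if minor < FIXED_BY_MAJOR[major] else "fixed"

def summarize(rows) -> dict:
    """Aggregate (banner, observed count) rows into totals per status."""
    totals = Counter()
    for banner, count in rows:
        totals[classify(banner)] += count
    return dict(totals)

# Constructed sample rows (banner, count), not real Shodan exports.
SAMPLE_ROWS = [
    ("PostgreSQL 13.16 on x86_64-pc-linux-gnu, compiled by gcc", 40),
    ("PostgreSQL 13.17", 25),
    ("PostgreSQL 13.x", 10),  # version hidden: flag for follow-up, not as affected
    ("PostgreSQL 11.22", 5),  # branch without a fix release on the page
    ("SSH-2.0-OpenSSH_9.6", 3),  # non-database banner mixed into the export
]
```

`summarize(SAMPLE_ROWS)` returns the per-status totals that a report table would be built from; the "possibly-affected" bucket is what the placeholder counts on this page would hide if wildcard banners were folded into the affected total.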
Q1 2026
Container registry exposure landscape
Public Docker Hub + GHCR + Quay analysis of exposed credentials, layer-leak rates, and ecosystem-level remediation patterns.
Q4 2025
NPM supply-chain attack patterns
Typosquat clusters, dependency-confusion candidates, postinstall script analysis, and maintainer-graph anomalies.
Q3 2025
GitHub Actions injection vector trends
Workflow injection patterns, unsafe interpolation prevalence, and third-party action supply-chain risks.
Get new exposure trend reports in your inbox.
Quarterly cadence, no marketing. We send report publication notes, RSS updates, and methodology changes when the production data pipeline refreshes.
What we do not do.
We do not actively probe, scan, or test third-party infrastructure based on Shodan-discovered exposure. Our analysis is purely correlation between published banner data and CVE applicability. If you want active validation against your own surface, that is a paid Fortress+ engagement through SaintScan.
Turn public exposure patterns into owned-surface action.
Exposure trends show where the internet is moving. BleedWatch scan workflows validate what matters in your stack.