In Helm versions prior to 3.17.3 a medium severity vulnerability CVE-2025-32387 was detected. This vulnerability allows attackers to craft a deeply nested chain of references within a JSON Schema file in a Helm chart, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. To address this issue, users should upgrade Helm to version 3.17.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32387.
Read more Developer Tools
In Helm versions prior to 3.17.3 a medium severity vulnerability CVE-2025-32386 was detected. This vulnerability allows attackers to craft a chart archive file that expands significantly when uncompressed (e.g., >800x the compressed size), and when Helm loads this specially crafted chart, it can cause memory exhaustion, leading to the termination of the application. To address this issue, users should upgrade Helm to version 3.17.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32386.
Read more Developer Tools
In Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0 a medium severity vulnerability CVE-2024-52981 was detected. This vulnerability allows attackers to trigger a stack overflow by submitting a Well-Known Text (WKT) formatted string containing deeply nested GeometryCollection objects. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52981.
Read more Data Analytics
In Elasticsearch versions 7.17.0 to 8.15.0 a medium severity vulnerability CVE-2024-52980 was detected. This vulnerability allows attackers with the `read_pipeline` cluster privilege to craft a recursive input that exploits the `innerForbidCircularReferences` function in the `PatternBank` class, potentially causing the Elasticsearch node to crash. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52980.
Read more Data Analytics
In HAProxy versions 2.2 through 3.1.6 a medium severity vulnerability CVE-2025-32464 was detected. This vulnerability allows attackers to trigger a heap-based buffer overflow when multiple short patterns are replaced with a longer one using the `sample_conv_regsub` function in certain uncommon configurations. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32464.
Read more Application Development
In Kibana versions 7.17.0 to 7.17.22 and versions 8.0.0 to 8.15.0 a medium severity vulnerability CVE-2024-52974 was detected. This vulnerability allows attackers with read permissions for Observability to crash the Kibana server by sending specially crafted requests to the Observability API. To address this issue, users should upgrade Kibana to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Read more Data Analytics
In Kibana versions 8.16.1 up to and including 8.17.1 a high severity vulnerability CVE-2024-12556 was detected. This vulnerability allows attackers to perform prototype pollution leading to potential code injection by exploiting unrestricted file uploads combined with path traversal. To address this issue, users should upgrade Kibana to versions 8.16.4, 8.17.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12556.
Read more Data Analytics
In Zabbix versions from 7.0.0 to 7.0.7 and from 7.2.0 to 7.2.1 a high severity vulnerability CVE-2024-36465 was detected. This vulnerability allows attackers with low-level API access to run SQL commands using the groupBy setting. Currently there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36465.
Read more Monitoring
In Umbraco versions 14.3.3 and prior, 15.3.0 and prior a medium severity vulnerability CVE-2025-32017 was detected. This vulnerability allows authenticated users of the Umbraco backoffice to exploit a path traversal flaw in the management API, enabling them to upload files to incorrect locations. To address this issue, users should upgrade Umbraco to versions 14.3.4 or 15.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32017.
Read more CMS