In Metabase versions 52.x before 52.17.1, 53.x before 53.9.5 and 54.x before 54.1.5 a low severity vulnerability CVE-2025-32382 was detected. This vulnerability allows sensitive Snowflake connection credentials, including usernames and passwords, to be logged during connection migration due to improper purging of stale connection methods. To address this issue, users should upgrade Metabase to versions 52.17.1, 53.9.5 or 54.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32382.
Read more Data Analytics
In Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0 a medium severity vulnerability CVE-2024-52981 was detected. This vulnerability allows attackers to trigger a stack overflow by submitting a Well-Known Text (WKT) formatted string containing deeply nested GeometryCollection objects. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52981.
Read more Data Analytics
In Elasticsearch versions 7.17.0 to 8.15.0 a medium severity vulnerability CVE-2024-52980 was detected. This vulnerability allows attackers with the `read_pipeline` cluster privilege to craft a recursive input that exploits the `innerForbidCircularReferences` function in the `PatternBank` class, potentially causing the Elasticsearch node to crash. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52980.
Read more Data Analytics
In Kibana versions 7.17.0 to 7.17.22 and versions 8.0.0 to 8.15.0 a medium severity vulnerability CVE-2024-52974 was detected. This vulnerability allows attackers with read permissions for Observability to crash the Kibana server by sending specially crafted requests to the Observability API. To address this issue, users should upgrade Kibana to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Read more Data Analytics
In Kibana versions 8.16.1 up to and including 8.17.1 a high severity vulnerability CVE-2024-12556 was detected. This vulnerability allows attackers to perform prototype pollution leading to potential code injection by exploiting unrestricted file uploads combined with path traversal. To address this issue, users should upgrade Kibana to versions 8.16.4, 8.17.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12556.
Read more Data Analytics
In Fluent Bit version 3.7.2 a medium severity vulnerability CVE-2025-29478 was detected. This vulnerability allows a local attacker to cause a denial of service using the cfl_list_size function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29478.
Read more Data Analytics
In SQLite version 3.49.0 a critical severity vulnerability CVE-2025-29087 was detected. This vulnerability allows attackers to trigger an integer overflow using the concat function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.
Read more Database
In MongoDB versions prior to 5.0.31, 6.0.20 and 7.0.16 a high severity vulnerability CVE-2025-3083 was detected. This vulnerability allows unauthenticated attackers to crash the `mongos` process by sending specifically crafted MongoDB wire protocol messages. To address this issue, users should upgrade MongoDB to versions 5.0.31, 6.0.20 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3083.
Read more Database
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a medium severity vulnerability CVE-2025-3084 was detected. This vulnerability allows malformed arguments passed to the `explain` command to bypass validation, potentially causing crashes in router (`mongos`) servers. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.20, or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3084.
Read more Database