Proactive Insights and Support For Open-Source Applications

Data Management and Analytics

    30 May 2025 Data Management and Analytics
    Redis: Stack-Based Buffer Overflow in redis-check-aof Leading to Potential Code Execution

    In Redis versions from 7.0.0 to before 8.0.2, a medium-severity vulnerability, CVE-2025-27151, was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in redis-check-aof by exploiting unsafe use of memcpy with user-supplied file paths, potentially leading to remote code execution. To address this issue, users should upgrade Redis to version 8.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27151.

    Database
    27 May 2025 Data Management and Analytics
    Grafana: XSS via Path Traversal and Open Redirect with SSRF Risk

    In Grafana versions >= 11.2, >= 11.3, >= 11.4, >= 11.5, >= 11.6, >= 12.0, a high-severity vulnerability, CVE-2025-4123, was detected. This vulnerability allows attackers to redirect users to a malicious site hosting a plugin that executes arbitrary JavaScript, even without editor permissions, and is exploitable if anonymous access is enabled. To address this issue, users should update Grafana to versions 12.0.0+security-01, 11.6.1+security-01, 11.5.4+security-01, 11.4.4+security-01, 11.3.6+security-01, 11.2.9+security-01 or 10.4.18+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.

    Data Analytics
    27 May 2025 Data Management and Analytics
    Grafana: Server Admin Deletion by Org Admin via Access Control Flaw

    In Grafana OSS versions 12.0.0 up to 12.0.1, 11.6.1 up to 11.6.2, 11.5.4 up to 11.5.5, a medium-severity vulnerability, CVE-2025-3580, was detected. This access control flaw allows an Organization administrator to permanently delete a Server administrator account (if the Server admin is in the same organization or unassigned), potentially leaving the instance without any super-user and rendering it unmanageable. To address this issue, users should upgrade Grafana to versions 10.4.19, 11.2.10, 11.3.7, 11.4.5, 11.5.5, 11.6.2 or 12.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3580.

    Data Analytics
    22 May 2025 Data Management and Analytics
    Grafana: Reflected XSS via Path Traversal and Open Redirect Leading to SSRF

    In Grafana versions from 10.4.18+security-01 before 10.4.19, from 11.2.9+security-01 before 11.2.10, from 11.3.6+security-01 before 11.3.7, from 11.4.4+security-01 before 11.4.5, from 11.5.4+security-01 before 11.5.5, from 11.6.1+security-01 before 11.6.2 and from 12.0.0+security-01 before 12.0.1, a high-severity vulnerability, CVE-2025-4123, was detected. This vulnerability lets attackers redirect users to malicious sites executing JavaScript without editor rights, and can cause SSRF with the Image Renderer plugin. To address this issue, users should upgrade Grafana to versions 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01 and 12.0.0+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.

    Data Analytics
    20 May 2025 Data Management and Analytics
    Pgpool-II: Authentication Bypass Enables Unauthorized Access

    In Pgpool-II versions 4.0 and 4.1 series, 4.2.0 to 4.2.21, 4.3.0 to 4.3.14, 4.4.0 to 4.4.11, 4.5.0 to 4.5.6 and 4.6.0 a critical severity vulnerability CVE-2025-46801 was detected. This vulnerability allows attackers to bypass authentication and log in as arbitrary users, enabling them to read, modify, or disable data in the connected database. To address this issue, users should upgrade Pgpool-II to versions 4.6.1, 4.5.7, 4.4.12, 4.3.15, 4.2.22 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46801.

    Database
    14 May 2025 Data Management and Analytics
    Apache Superset: Improper Authorization Allows Ownership Takeover of Dashboards, Charts, and Datasets

    In Apache Superset versions through 4.1.1, a medium-severity vulnerability, CVE-2025-27696, was detected. This vulnerability allows authenticated users with read permissions to take ownership of dashboards, charts, or datasets. To address this issue, users should upgrade Apache Superset to version 4.1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27696.

    Data Analytics
    12 May 2025 Data Management and Analytics
    PostgreSQL: Denial of Service via Buffer Over-read in GB18030 Encoding Validation

    In PostgreSQL versions before 17.5, 16.9, 15.13, 14.18 and 13.21 a medium severity vulnerability CVE-2025-4207 was detected. This vulnerability allows a database input provider to trigger a temporary denial of service by exploiting a buffer over-read in GB18030 encoding validation, potentially causing process termination on affected platforms and impacting both the database server and libpq. To address this issue, users should upgrade PostgreSQL to versions 17.5, 16.9, 15.13, 14.18 or 13.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4207.

    Database
    7 May 2025 Data Management and Analytics
    Kibana: Prototype Pollution via HTTP Requests to ML and Reporting Endpoints

    In Kibana versions 8.3.0 to 8.17.5, 8.18.0 and 9.0.0 a critical severity vulnerability CVE-2025-25014 was detected. This vulnerability allows attackers to achieve arbitrary code execution through prototype pollution by sending crafted HTTP requests to machine learning and reporting endpoints. To address this issue, users should upgrade Kibana to versions 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25014.

    Data Analytics
    7 May 2025 Data Management and Analytics
    Logstash: Improper Certificate Validation in TCP Output Enables MitM Attacks

    In Logstash versions prior to 8.17.6, 8.18.0 and 9.0.0 a medium severity vulnerability CVE-2025-37730 was detected. This vulnerability allows attackers to perform man-in-the-middle (MitM) attacks in “client” mode due to improper certificate validation – specifically, the lack of hostname verification when `ssl_verification_mode => full` was set in the TCP output configuration. To address this issue, users should upgrade Logstash to versions 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37730.

    Data Analytics
    © HOSSTED 2025 All rights reserved