Book a demo

Data Management and Analytics

Selected category
18 Dec 2025 Data Management and Analytics
Kibana: Cross-Site Scripting Vulnerability in Vega AST Evaluator

In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.8, from 9.0.0 up to and including 9.1.8, from 9.2.0 up to and including 9.2.2 a medium severity vulnerability CVE-2025-68387 was detected. This vulnerability stems from improper input neutralization during web page generation (CWE-79) in a Vega AST evaluator function handler, allowing unauthenticated attackers to inject malicious scripts that are served to users’ browsers and execute arbitrary code via cross-site scripting (XSS). To address this issue, users should upgrade Kibana to versions 8.19.9, 9.1.9 and 9.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68387.

 Read more Data Analytics
18 Dec 2025 Data Management and Analytics
Kibana: Improper Authorization Allows Privilege Escalation via Live Queries Access

In Kibana versions 7.0.0-alpha1 and prior, from 8.0.0 up to and including 8.19.6, from 9.0.0 up to and including 9.1.6, and 9.2.0 a medium severity vulnerability CVE-2025-68422 was detected. This vulnerability results from improper authorization (CWE-285) and allows an authenticated user to bypass intended permission restrictions via a crafted HTTP request, enabling access to the list of live queries without having the required live queries – read permission. To address this issue, users should upgrade Kibana to versions 8.19.7, 9.1.7 and 9.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68422.

 Read more Data Analytics
17 Dec 2025 Data Management and Analytics
MongoDB Server: Cross-Shard Transaction Flaw Causes Data Inconsistencies

In MongoDB Server versions before 8.0.16, 7.0.26, and 8.2.2 a low severity vulnerability CVE-2025-14345 was detected. This vulnerability can cause temporary data inconsistencies in cross-shard transactions. To fix this issue, users should upgrade to MongoDB Server versions 8.0.16, 7.0.26 or 8.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14345.

 Read more Database
17 Dec 2025 Data Management and Analytics
Elasticsearch: PKI Realm Improper Authentication Leading to User Impersonation

In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, prior to 9.2.21 a medium severity vulnerability CVE-2025-37731 was detected. This vulnerability allows attackers to impersonate legitimate users through improper authentication in the PKI realm by using specially crafted client certificates signed by a trusted Certificate Authority. To address this issue, users should upgrade Elasticsearch to versions 8.19.8, 9.1.8 or 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37731.

 Read more Data Analytics
17 Dec 2025 Data Management and Analytics
Kibana: Cross-Site Scripting via Integration Package Upload

In Kibana versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, prior to 9.2.21 a medium severity vulnerability CVE-2025-37732 was detected. This vulnerability allows an authenticated attacker to perform cross-site scripting (XSS) by rendering arbitrary HTML tags in a user’s browser through the integration package upload functionality, bypassing a previous fix related to ESA-2025-17 (CVE-2025-25018) and enabling HTML injection during web page generation. To address this issue, users should upgrade Kibana to versions 8.19.8, 9.1.8 or 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37732.

 Read more Data Analytics
28 Nov 2025 Data Management and Analytics
OpenSearch: Nested Boolean and Disjunction Asymmetric Denial of Service

In OpenSearch versions prior to 3.2.0 a high severity vulnerability CVE-2025-9624 was detected. This vulnerability allows attackers to cause a denial of service (DoS) by submitting complex query_string inputs. To address this issue, users should upgrade OpenSearch to version 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9624.

 Read more Data Analytics
26 Nov 2025 Data Management and Analytics
OpenSearch: Nested Boolean/Disjunction Asymmetric Denial of Service Vulnerability

In OpenSearch versions prior to 3.2.0 a high severity vulnerability CVE-2025-9624 was detected. This vulnerability allows attackers to cause a denial of service (DoS) by submitting complex query_string inputs that trigger excessive resource consumption. To address this issue, users should upgrade OpenSearch to version 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9624.

 Read more Data Analytics
25 Nov 2025 Data Management and Analytics
MongoDB: Invariant Failure in Batched Delete Handling Allows Server Crash

In MongoDB Server versions 7.0 prior to 7.0.26, 8.0 prior to 8.0.13, and 8.1 prior to 8.1.2 a high severity vulnerability CVE-2025-13644 was detected. The issue allows a batched delete operation to trigger an invariant failure and crash the server when MongoDB incorrectly assumes multiple documents are present in a batch solely because a document exceeds BSONObjMaxSize. To address this issue, users should update to MongoDB Server 7.0.26, 8.0.13, or 8.1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13644.

 Read more Database
25 Nov 2025 Data Management and Analytics
MongoDB: Privilege Escalation Allowing Query Termination Causing Denial of Service

In MongoDB Server versions 7.0 prior to 7.0.26 and 8.0 prior to 8.0.14 a medium severity vulnerability CVE-2025-13643 was detected. This vulnerability allows a user with limited cluster privileges to terminate queries executed by other users, potentially causing denial of service by preventing some queries from completing successfully. To address this issue, users should upgrade MongoDB Server to versions 7.0.26, 8.0.14, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13643.

 Read more Database