In Kibana versions 8.12.0 through 8.19.6, 9.1.0 through 9.1.6, and 9.2.0 a medium severity vulnerability CVE-2025-37734 was detected. This vulnerability allows remote attackers to perform Server-Side Request Forgery (SSRF) via a forged Origin HTTP header processed by the Observability AI Assistant. To fix this vulnerability, users should upgrade Kibana to versions 8.19.7, 9.1.7, or 9.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37734.
Read more Data AnalyticsIn pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12765 was detected. This vulnerability allows attackers to bypass TLS certificate verification in the LDAP authentication flow, potentially enabling unauthorized access through a man-in-the-middle attack. To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12765.
Read more DatabaseIn pgAdmin versions up to and including 9.9 a high severity vulnerability CVE-2025-12764 was detected. This vulnerability allows attackers to perform LDAP injection by supplying specially crafted usernames containing LDAP control characters. Successful exploitation can cause the LDAP server and client to process excessive data, potentially leading to a denial of service (DoS). To fix this vulnerability, users should upgrade pgAdmin to version 10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12764.
Read more DatabaseIn Kafka-UI versions 0.6.0 through 0.7.2 a medium severity vulnerability CVE-2025-60537 was detected. This vulnerability in the /kafka/ui/serdes/CustomSerdeLoader.java component allows attackers to execute arbitrary code by supplying crafted data. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60537.
Read more Data AnalyticsIn Kafka-UI versions 0.6.0 through 0.7.2 a high severity vulnerability CVE-2025-60536 was detected. This vulnerability in the Configure New Cluster interface allows attackers to cause a denial of service (DoS) by uploading a crafted configuration file. To fix this vulnerability, users should upgrade to a version later than 0.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-60536.
Read more Data AnalyticsIn Redis versions 8.2.0 through 8.2.2 a high severity vulnerability CVE-2025-62507 was detected. This vulnerability allows remote attackers to trigger a stack buffer overflow during execution of the XACKDEL command, which may potentially lead to remote code execution. To fix this vulnerability, users should upgrade to Redis version 8.2.3 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62507.
Read more DatabaseIn Apache Airflow versions from 3.0.0 up to but not including 3.0.5 a medium severity vulnerability CVE-2025-54941 was detected. This vulnerability allows a UI user to redirect the example DAG via the example_dag_decorator parameter to a malicious server and execute code on a worker, when example DAGs are enabled in production or similar DAG code is copied. To fix this vulnerability, users should upgrade to Airflow version 3.0.5 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-54941.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 through 3.1.0 inclusive a medium severity vulnerability CVE-2025-62402 was detected. This vulnerability allows API users via the /api/v2/dagReports endpoint to execute DAG Python code in the context of the API server if the API-server is deployed in an environment where DAG files are accessible. To fix this vulnerability, users should upgrade to Apache Airflow version 3.1.1 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62402.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 up to and including 3.1.0 a medium severity vulnerability CVE-2025-62503 was detected. This vulnerability allows a user with only CREATE privileges (and no UPDATE privileges) for Pools, Connections, or Variables to update existing records via the bulk create API when the overwrite action is used. To fix this vulnerability, users should upgrade to version 3.1.1 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-62503.
Read more Data Analytics