In Kibana versions 7.x prior to and including 7.17.29, 8.x from 8.0.0 up to and including 8.18.7, 8.19.x from 8.19.0 up to and including 8.19.4, 9.0.x from 9.0.0 up to and including 9.0.7, and 9.1.x from 9.1.0 up to and including 9.1.4 a high severity vulnerability CVE-2025-25009 was detected. Improper neutralization of input during web page generation in Kibana can lead to Stored Cross-Site Scripting via case file upload. To address this issue, users should upgrade Kibana to versions 8.18.8, 8.19.5, 9.0.8, or 9.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25009.
Read more Data AnalyticsIn Kibana versions up to and including 7.17.22 and 8.0.0 up to and including 8.14.3 a medium severity vulnerability CVE-2024-43708 was detected. This vulnerability allows an authenticated user with read access to any feature in Kibana to send a specially crafted payload to certain UI inputs, causing the server to crash due to improper resource allocation without limits or throttling. To address this issue, users should upgrade Kibana to versions 7.17.23, 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43708.
Read more Data AnalyticsIn Kibana versions from 8.0.0 up to 8.15.0 a high severity vulnerability CVE-2024-43707 was detected. This issue allows a user without access to Fleet to view Elastic Agent policies, which could contain sensitive information depending on the enabled integrations and their versions. To address this vulnerability, users should upgrade Kibana to version 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43707.
Read more Data AnalyticsIn Kibana versions from 8.7.0 up to 8.15.0 a medium severity vulnerability CVE-2024-43710 was detected. This vulnerability allows a user with read access to Fleet to exploit the /api/fleet/health_check API to send requests to internal HTTPS endpoints that return JSON, resulting in a server-side request forgery. To address this issue, users should upgrade Kibana to version 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43710.
Read more Data AnalyticsIn Kibana versions up to and including 7.17.28, 8.0.0 to 8.17.7, 8.18.0 to 8.18.2, and 9.0.0 to 9.0.2 a medium severity vulnerability CVE-2025-25012 was detected. The flaw allows open redirect attacks through the Short URLs feature in Discover, Dashboard, and Visualization Library, which can redirect users to arbitrary sites and enable server-side request forgery (SSRF). To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25012.
Read more Data AnalyticsIn Kibana versions prior to 7.17.29, 8.17.8, 8.18.3 and 9.0.3 a medium severity vulnerability CVE-2024-52974 was detected. This vulnerability allows a user with read permissions for Observability to send a specially crafted request to the Observability API, which could cause the Kibana server to crash. To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Read more Data AnalyticsIn Apache Airflow 3.0.3 a high severity vulnerability CVE-2025-54831 was detected. Sensitive connection details were exposed to users with READ permissions through both the API and UI, bypassing the intended “write-only” model and the AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS configuration option. To address this issue, users should upgrade Airflow to version 3.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54831.
Read more Data AnalyticsIn Liferay Portal versions 7.4.0 through 7.4.3.112, and Liferay DXP versions 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43807 was detected. This vulnerability allows a remote attacker to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field in the notifications widget. To address this issue, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.1 or 2023.Q4.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43807.
Read more Data AnalyticsIn Ashlar-Vellum Graphite version 13_SE_13048 a high severity vulnerability CVE-2025-7981 was detected. This vulnerability allows remote attackers to execute arbitrary code on affected installations by exploiting uninitialized memory during VC6 file parsing when a user opens a malicious file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7981.
Read more Data Analytics