In MySQL Connector/Python versions 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30714 was detected. This vulnerability allows low privileged attackers with network access and user interaction to gain unauthorized access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30714.
Read more Database
In MySQL Server (component: Server: UDF) versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30721 was detected. This vulnerability allows a high-privileged attacker with logon access to compromise MySQL Server, requiring human interaction and potentially causing a crash (DOS). To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30721.
Read more Database
In Oracle MySQL Server (InnoDB component) versions 8.0.0–8.0.41, 8.4.0–8.4.4 and 9.0.0–9.2.0 a medium severity vulnerability CVE-2025-30693 was detected. This vulnerability allows high privileged attackers with network access via multiple protocols to cause a denial of service (DoS) or perform unauthorized updates, inserts, or deletions on MySQL Server data. To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30693.
Read more Database
In Mattermost versions 10.5.0 to 10.5.1, 10.4.0 to 10.4.3, and 9.11.0 to 9.11.9 a low severity vulnerability CVE-2025-24839 was detected. This vulnerability allows users to turn on the AI bot by adding a setting to a post using the Wrangler plugin, even if they don’t have access to the bot. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-24839.
Read more Communication
In Metabase versions 52.x before 52.17.1, 53.x before 53.9.5 and 54.x before 54.1.5 a low severity vulnerability CVE-2025-32382 was detected. This vulnerability allows sensitive Snowflake connection credentials, including usernames and passwords, to be logged during connection migration due to improper purging of stale connection methods. To address this issue, users should upgrade Metabase to versions 52.17.1, 53.9.5 or 54.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32382.
Read more Data Analytics
In Elasticsearch versions 7.17.0 to 8.15.0 a medium severity vulnerability CVE-2024-52980 was detected. This vulnerability allows attackers with the `read_pipeline` cluster privilege to craft a recursive input that exploits the `innerForbidCircularReferences` function in the `PatternBank` class, potentially causing the Elasticsearch node to crash. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52980.
Read more Data Analytics
In Kibana versions 7.17.0 to 7.17.22 and versions 8.0.0 to 8.15.0 a medium severity vulnerability CVE-2024-52974 was detected. This vulnerability allows attackers with read permissions for Observability to crash the Kibana server by sending specially crafted requests to the Observability API. To address this issue, users should upgrade Kibana to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Read more Data Analytics
In Kibana versions 8.16.1 up to and including 8.17.1 a high severity vulnerability CVE-2024-12556 was detected. This vulnerability allows attackers to perform prototype pollution leading to potential code injection by exploiting unrestricted file uploads combined with path traversal. To address this issue, users should upgrade Kibana to versions 8.16.4, 8.17.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12556.
Read more Data Analytics
In Elasticsearch versions 7.17.0 to 7.17.23 and 8.0 to 8.15.0 a medium severity vulnerability CVE-2024-52981 was detected. This vulnerability allows attackers to trigger a stack overflow by submitting a Well-Known Text (WKT) formatted string containing deeply nested GeometryCollection objects. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52981.
Read more Data Analytics