Data Management and Analytics

In Grafana versions prior to 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15 a medium severity vulnerability CVE-2024-11741 was detected. This vulnerability allows users with Viewer permissions to improperly access the Grafana Alerting VictorOps integration. To address this issue, users should upgrade Grafana to versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 or 10.4.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11741.

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24530 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) by using a crafted table or database name. To address this issue, users should upgrade to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24530.

In phpMyAdmin versions from 5.0.0 before 5.2.2 a medium severity vulnerability CVE-2025-24529 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) through the Insert tab. To address this issue, users should upgrade phpMyAdmin to version 5.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24529.

In Kibana versions from 8.7.0 up to 8.15.0 a medium severity vulnerability CVE-2024-43710 was detected. This vulnerability allows attackers to exploit the /api/fleet/health_check API to send server-side requests to internal endpoints, with the limitation that only HTTPS endpoints returning JSON data can be accessed. To address this issue, users should upgrade Kibana to versions 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43710.

In Kibana versions up to 7.17.23 and 8.15.0 a medium severity vulnerability CVE-2024-43708 was detected. This vulnerability allows attackers to crash Kibana by sending a specially crafted payload to multiple inputs in the Kibana UI, exploiting the lack of resource allocation limits or throttling. To address this issue, users should upgrade Kibana to versions 7.17.23 or 8.15.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43708.

In Kibana versions from 8.0.0 up to 8.15.0 a high severity vulnerability CVE-2024-43707 was detected. This vulnerability allows attackers to view Elastic Agent policies without proper access, potentially exposing sensitive information based on the integrations enabled and their versions. To address this issue, users should upgrade Kibana to versions 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43707.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.

In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.

In MySQL Enterprise Firewall versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21495 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21495.