In Fluent Bit version 3.7.2 a medium severity vulnerability CVE-2025-29478 was detected. This vulnerability allows a local attacker to cause a denial of service using the cfl_list_size function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29478.
In SQLite version 3.49.0 a critical severity vulnerability CVE-2025-29087 was detected. This vulnerability allows attackers to trigger an integer overflow using the concat function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.
In MongoDB versions prior to 5.0.31, 6.0.20 and 7.0.16 a high severity vulnerability CVE-2025-3083 was detected. This vulnerability allows unauthenticated attackers to crash the `mongos` process by sending specifically crafted MongoDB wire protocol messages. To address this issue, users should upgrade MongoDB to versions 5.0.31, 6.0.20 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3083.
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a medium severity vulnerability CVE-2025-3084 was detected. This vulnerability allows malformed arguments passed to the `explain` command to bypass validation, potentially causing crashes in router (`mongos`) servers. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.20, or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3084.
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a high severity vulnerability CVE-2025-3085 was detected. When running on Linux with TLS and CRL checks enabled, MongoDB may skip verifying intermediate certificate revocation, potentially allowing improper or unauthenticated access, especially with MONGODB-X509 or intra-cluster authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3085.
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.14 and 7.3.4 a low severity vulnerability CVE-2025-3082 was detected. This vulnerability allows an authorized user to alter the intended collation of a view, potentially enabling access to unintended underlying data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3082.
In MLflow version 2.13.2 a medium severity vulnerability CVE-2024-6838 was detected. This vulnerability allows an attacker to create or rename an experiment with an excessively long numeric name, causing the MLflow UI to become unresponsive, potentially leading to a denial of service. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6838.
In Metabase versions prior to 0.52.16.4, 1.52.16.4, 0.53.8 and 1.53.8 a low severity vulnerability CVE-2025-30371 was detected. This vulnerability allows circumvention of local link access protection in the GeoJson endpoint, potentially impacting self-hosted instances colocated with unsecured resources. To address this issue, users should upgrade Metabase to versions 0.52.16.4, 1.52.16.4, 0.53.8 or 1.53.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30371.
In MongoDB C Driver library versions prior to 1.27.5 and MongoDB Server versions 8.0 prior to 8.0.1 and 7.0 prior to 7.0.16 a high severity vulnerability CVE-2025-0755 was detected. This vulnerability allows attackers to trigger a buffer overflow when handling BSON documents exceeding the maximum allowable size (INT32_MAX), potentially causing a segmentation fault and application crash. To address this issue, users should upgrade to libbson version 1.27.5, or MongoDB Server versions 8.0.1 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0755.