Proactive Insights and Support For Open-Source Applications

Data Management and Analytics

    7 May 2025 Data Management and Analytics
    Logstash: Improper Certificate Validation in TCP Output Enables MitM Attacks

    In Logstash versions prior to 8.17.6, 8.18.0 and 9.0.0, a medium-severity vulnerability, CVE-2025-37730, was detected. This vulnerability allows attackers to perform man-in-the-middle (MitM) attacks in “client” mode due to improper certificate validation – specifically, the lack of hostname verification when `ssl_verification_mode => full` was set in the TCP output configuration. To address this issue, users should upgrade Logstash to version 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37730.

    Data Analytics
    3 May 2025 Data Management and Analytics
    Grafana: Authorization Bypass via Path Manipulation in Grafana Datasource Proxy API

    In Grafana versions prior to 10.4.17+security-0, a medium-severity vulnerability, CVE-2025-3454, was detected. This vulnerability allows attackers to bypass authorization checks by inserting an extra slash in the datasource proxy API path, enabling unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. To address this issue, users should upgrade Grafana to version 10.4.17+security-01, 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3454.

    Data Analytics
    3 May 2025 Data Management and Analytics
    Grafana: Permission Bypass in Grafana Dashboard API Endpoints

    In Grafana versions 0alpha1, 1alpha1 and 2alpha1, a high-severity vulnerability was detected in the /apis/dashboard.grafana.app/* endpoints across all API versions. This vulnerability allows authenticated and anonymous users with viewer or editor roles to bypass dashboard and folder-level permissions, enabling unrestricted access to, modification of, and creation of dashboards across all folders, while organization isolation and datasource access remain unaffected. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3260.

    Data Analytics
    2 May 2025 Data Management and Analytics
    Elasticsearch: Denial of Service via Malicious Mustache Search Templates

    In Elasticsearch versions prior to 7.17.25 and prior to 8.16.0, a medium-severity vulnerability, CVE-2024-52979, was detected. This vulnerability allows attackers to trigger uncontrolled resource consumption by submitting specially crafted search templates using Mustache functions, potentially leading to a denial of service by crashing the Elasticsearch node. To address this issue, users should upgrade Elasticsearch to version 7.17.25 or 8.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52979.

    Data Analytics
    2 May 2025 Data Management and Analytics
    Kibana: Unrestricted File Upload Vulnerability Leading to Software Compromise

    In Kibana versions 7.17.0 up to 7.17.18 and 8.0.0 up to 8.12.3, a medium-severity vulnerability, CVE-2025-25016, was detected. This vulnerability allows authenticated attackers to compromise software integrity by uploading crafted malicious files due to insufficient server-side validation. To address this issue, users should upgrade Kibana to versions 7.17.19 or later and 8.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25016.

    Data Analytics
    2 May 2025 Data Management and Analytics
    Kibana: Unrestricted File Upload in Synthetics App Enables Stored XSS

    In Kibana versions 7.17.6 up to and including 7.17.23 and 8.4.0 up to and including 8.11.4, a medium-severity vulnerability, CVE-2024-11390, was detected. This vulnerability allows attackers with access to the Synthetics app or write permissions to synthetics indices to upload crafted HTML and JavaScript files, leading to arbitrary JavaScript execution (XSS) in a victim’s browser. To address this issue, users should upgrade Kibana to version 7.17.24 or 8.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11390.

    Data Analytics
    25 Apr 2025 Data Management and Analytics
    Redis: Unauthenticated Clients Can Cause Memory Exhaustion via Unbounded Output Buffers

    In Redis versions 2.6 to 7.4.2, a medium-severity vulnerability, CVE-2025-21605, was detected. This vulnerability allows unauthenticated clients to trigger unbounded growth of output buffers, leading to memory exhaustion or service crashes: Redis does not limit output buffers for unauthenticated clients by default, so repeated “NOAUTH” responses fill memory. To address this issue, users should upgrade Redis to version 7.4.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21605.

    Database
    24 Apr 2025 Data Management and Analytics
    Grafana: DOM XSS via Editor-Modified Panel in XY Chart Plugin

    In Grafana XY Chart plugin versions 11.6.0 prior to 11.6.0+security-01, 11.5.0 prior to 11.5.3+security-01, 11.4.0 prior to 11.4.3+security-01, 11.3.0 prior to 11.3.5+security-01 and 11.2.0 prior to 11.2.8+security-01, a medium-severity vulnerability, CVE-2025-2703, was detected. This DOM-based XSS issue allows a user with Editor permissions to modify a panel and execute arbitrary JavaScript. To address this issue, users should upgrade the Grafana XY Chart plugin to versions 1.6.0+security-01, 11.5.3+security-01, 11.4.3+security-01, 11.3.5+security-01 and 11.2.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2703.

    Data Analytics
    21 Apr 2025 Data Management and Analytics
    MySQL: High-Privileged Attackers Can Cause DoS in MySQL Cluster

    In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0, a medium-severity vulnerability, CVE-2025-30710, was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

    Database