In Kibana versions 8.16.1 up to and including 8.17.1 a high severity vulnerability CVE-2024-12556 was detected. This vulnerability allows attackers to perform prototype pollution leading to potential code injection by exploiting unrestricted file uploads combined with path traversal. To address this issue, users should upgrade Kibana to versions 8.16.4, 8.17.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12556.
Read more Data Analytics
In SQLite version 3.49.0 a critical severity vulnerability CVE-2025-29087 was detected. This vulnerability allows attackers to trigger an integer overflow using the concat function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.
Read more Database
In Fluent Bit version 3.7.2 a medium severity vulnerability CVE-2025-29478 was detected. This vulnerability allows a local attacker to cause a denial of service using the cfl_list_size function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29478.
Read more Data Analytics
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a medium severity vulnerability CVE-2025-3084 was detected. This vulnerability allows malformed arguments passed to the `explain` command to bypass validation, potentially causing crashes in router (`mongos`) servers. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.20, or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3084.
Read more Database
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a high severity vulnerability CVE-2025-3085 was detected. When running on Linux with TLS and CRL checks enabled, MongoDB may skip verifying intermediate certificate revocation, potentially allowing improper or unauthenticated access, especially with MONGODB-X509 or intra-cluster authentication. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3085.
Read more Database
In MongoDB versions prior to 5.0.31, 6.0.20 and 7.0.16 a high severity vulnerability CVE-2025-3083 was detected. This vulnerability allows unauthenticated attackers to crash the `mongos` process by sending specifically crafted MongoDB wire protocol messages. To address this issue, users should upgrade MongoDB to versions 5.0.31, 6.0.20 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3083.
Read more Database
In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.14 and 7.3.4 a low severity vulnerability CVE-2025-3082 was detected. This vulnerability allows an authorized user to alter the intended collation of a view, potentially enabling access to unintended underlying data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3082.
Read more Database
In MLflow versions 2.13.2 a medium severity vulnerability CVE-2024-6838 was detected. This vulnerability allows an attacker to create or rename an experiment with an excessively long numeric name, causing the MLflow UI to become unresponsive, potentially leading to a denial of service. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6838.
Read more Data Analytics
In Metabase versions prior to 0.52.16.4, 1.52.16.4, 0.53.8 and v1.53.8 a low severity vulnerability CVE-2025-30371 was detected. This vulnerability allows circumvention of local link access protection in the GeoJson endpoint, potentially impacting self-hosted instances colocated with unsecured resources. To address this issue, users should upgrade Metabase to versions 0.52.16.4, 1.52.16.4, 0.53.8 or 1.53.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30371.
Read more Data Analytics