In Elasticsearch versions 7.17.0 to 8.15.0, a medium-severity vulnerability, CVE-2024-52980, was detected. This vulnerability allows attackers with the `read_pipeline` cluster privilege to craft a recursive input that exploits the `innerForbidCircularReferences` function in the `PatternBank` class, potentially causing the Elasticsearch node to crash. To address this issue, users should upgrade Elasticsearch to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52980.
Category: Data Analytics

In HAProxy versions 2.2 through 3.1.6, a medium-severity vulnerability, CVE-2025-32464, was detected. This vulnerability allows attackers to trigger a heap-based buffer overflow when multiple short patterns are replaced with a longer one using the `sample_conv_regsub` function in certain uncommon configurations. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32464.
Category: Application Development

In Kibana versions 7.17.0 to 7.17.22 and versions 8.0.0 to 8.15.0, a medium-severity vulnerability, CVE-2024-52974, was detected. This vulnerability allows attackers with read permissions for Observability to crash the Kibana server by sending specially crafted requests to the Observability API. To address this issue, users should upgrade Kibana to versions 8.15.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52974.
Category: Data Analytics

In Kibana versions 8.16.1 up to and including 8.17.1, a high-severity vulnerability, CVE-2024-12556, was detected. This vulnerability allows attackers to perform prototype pollution leading to potential code injection by exploiting unrestricted file uploads combined with path traversal. To address this issue, users should upgrade Kibana to versions 8.16.4, 8.17.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12556.
Category: Data Analytics

In Zabbix versions from 7.0.0 to 7.0.7 and from 7.2.0 to 7.2.1, a high-severity vulnerability, CVE-2024-36465, was detected. This vulnerability allows attackers with low-level API access to run SQL commands using the `groupBy` setting. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36465.
Category: Monitoring

In Umbraco versions 14.3.3 and prior and 15.3.0 and prior, a medium-severity vulnerability, CVE-2025-32017, was detected. This vulnerability allows authenticated users of the Umbraco backoffice to exploit a path traversal flaw in the management API, enabling them to upload files to incorrect locations. To address this issue, users should upgrade Umbraco to versions 14.3.4 or 15.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32017.
Category: CMS

In Fluent Bit version 3.7.2, a medium-severity vulnerability, CVE-2025-29478, was detected. This vulnerability allows a local attacker to cause a denial of service using the `cfl_list_size` function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29478.
Category: Data Analytics

In PHP versions from 8.3.0 to before 8.3.19 and from 8.4.0 to before 8.4.5, a critical-severity vulnerability, CVE-2024-11235, was detected. This vulnerability allows attackers to run code remotely by triggering a memory bug with certain code and inputs. To address this issue, users should upgrade PHP to versions 8.3.19 or 8.4.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11235.
Category: Web Development

In SQLite version 3.49.0, a critical-severity vulnerability, CVE-2025-29087, was detected. This vulnerability allows attackers to trigger an integer overflow using the `concat` function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.
Category: Database