In Elasticsearch versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, prior to 9.2.21 a medium severity vulnerability CVE-2025-37731 was detected. This vulnerability allows attackers to impersonate legitimate users through improper authentication in the PKI realm by using specially crafted client certificates signed by a trusted Certificate Authority. To address this issue, users should upgrade Elasticsearch to versions 8.19.8, 9.1.8 or 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37731.
Read more Data Analytics
In Kibana versions 7.0.0-alpha1 and prior, prior to 8.19.8, 9.0.0-beta1 and prior, prior to 9.1.8, 9.2.0 and prior, prior to 9.2.21 a medium severity vulnerability CVE-2025-37732 was detected. This vulnerability allows an authenticated attacker to perform cross-site scripting (XSS) by rendering arbitrary HTML tags in a user’s browser through the integration package upload functionality, bypassing a previous fix related to ESA-2025-17 (CVE-2025-25018) and enabling HTML injection during web page generation. To address this issue, users should upgrade Kibana to versions 8.19.8, 9.1.8 or 9.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37732.
Read more Data Analytics
In MongoDB Server versions before 8.0.16, 7.0.26, and 8.2.2 a low severity vulnerability CVE-2025-14345 was detected. This vulnerability can cause temporary data inconsistencies in cross-shard transactions. To fix this issue, users should upgrade to MongoDB Server versions 8.0.16, 7.0.26 or 8.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14345.
Read more Database
In Apache HTTP Server versions from 2.4.7 up to 2.4.65 a low severity vulnerability CVE-2025-66200 was detected. This vulnerability allows users with access to the RequestHeader directive in .htaccess files to bypass mod_userdir and suexec protections, causing some CGI scripts to run under an unexpected user ID, which may lead to unauthorized access or execution of malicious scripts. To address this issue users must upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66200.
Read more Application Development
In Apache HTTP Server versions from 2.4.0 up to 2.4.65 a low severity vulnerability CVE-2025-65082 was detected. This vulnerability allows environment variables set via the Apache configuration to unexpectedly supersede variables calculated by the server for CGI programs due to improper neutralization of escape, meta, or control sequences. To address this issue, users must upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-65082.
Read more Application Development
In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a high severity vulnerability CVE-2025-67635 was detected. This vulnerability allows unauthenticated attackers to cause a denial of service due to HTTP-based CLI connections not being properly closed when the connection stream becomes corrupted. To address this issue, users should upgrade to Jenkins version 2.541 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67635.
Read more Developer Tools
In Argo Workflows versions 3.6.13 and below, and versions 3.7.0 through 3.7.4 a high severity vulnerability CVE-2025-66626 was detected. This vulnerability allows attackers to exploit unsafe untar code handling symbolic links in archives, potentially overwriting the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod’s start. To address this issue, users should upgrade to Argo Workflows version 3.6.14, 3.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66626.
Read more Application Development
In Apache HTTP Server versions from 2.4.0 up to 2.4.65 a high severity vulnerability CVE-2025-59775 was detected. This vulnerability allows Server-Side Request Forgery (SSRF) on Windows systems with AllowEncodedSlashes On and MergeSlashes Off, potentially leaking NTLM hashes to a malicious server via SSRF and crafted requests or content. To address this issue, users should upgrade to Apache HTTP Server version 2.4.66 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59775.
Read more Application Development
In Gogs versions 0.13.3 and prior a high severity vulnerability CVE-2025-8110 was detected. This vulnerability allows local attackers to execute arbitrary code by exploiting improper symbolic link handling in the `PutContents` file update API. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8110.
Read more Developer Tools