| admin-center |
CVE-2025-48988 |
tomcat: Apache Tomcat DoS in multipart upload |
3.3.0 |
| admin-center |
CVE-2025-49146 |
pgjdbc: pgjdbc insecure authentication in channel binding |
3.3.0 |
| auth-service |
CVE-2025-41235 |
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies |
3.3.0 |
| ai-service |
CVE-2024-12718 |
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory |
3.3.0 |
| ai-service |
CVE-2025-29087 |
sqlite: Integer Overflow in SQLite concat_ws Function |
3.3.0 |
| ai-service |
CVE-2025-4138 |
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory |
3.3.0 |
| ai-service |
CVE-2025-4330 |
cpython: python: Extraction filter bypass for linking outside extraction directory |
3.3.0 |
| ai-service |
CVE-2025-4517 |
python: cpython: Arbitrary writes via tarfile realpath overflow |
3.3.0 |
| ai-service |
CVE-2025-4565 |
python-protobuf: Unbounded recursion in Python Protobuf |
3.3.0 |
| ai-service |
CVE-2025-47273 |
setuptools: Path Traversal Vulnerability in setuptools PackageIndex |
3.3.0 |
| analysis-node |
CVE-2025-48379 |
python-pillow: pillow: Pillow DDS Heap Buffer Overflow |
3.3.0_core8.4.3 |
| console |
CVE-2025-41235 |
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies |
3.3.0 |
| dashboards |
CVE-2025-22235 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed |
3.3.0 |
| dashboards |
CVE-2025-48988 |
tomcat: Apache Tomcat DoS in multipart upload |
3.3.0 |
| dashboards |
CVE-2025-49146 |
pgjdbc: pgjdbc insecure authentication in channel binding |
3.3.0 |
| etl-service |
CVE-2025-22874 |
crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 |
3.3.0 |
| gateway |
CVE-2025-41235 |
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies |
3.3.0 |
| gateway |
CVE-2025-48988 |
tomcat: Apache Tomcat DoS in multipart upload |
3.3.0 |
| neo4j |
CVE-2025-1948 |
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability |
3.3.0 |
| sso-service |
CVE-2025-3501 |
org.keycloak.protocol.services: Keycloak hostname verification |
3.3.0 |
| viewer |
CVE-2024-12718 |
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory |
3.3.0 |
| viewer |
CVE-2025-22874 |
crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 |
3.3.0 |
| viewer |
CVE-2025-4138 |
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory |
3.3.0 |
| viewer |
CVE-2025-4330 |
cpython: python: Extraction filter bypass for linking outside extraction directory |
3.3.0 |
| viewer |
CVE-2025-4517 |
python: cpython: Arbitrary writes via tarfile realpath overflow |
3.3.0 |