CVE-2026-35469 affecting package kured for versions less than 1.15.0-4

CVE-2026-35469 affecting package kured for versions less than 1.15.0-4. A patched version of the package is available...

VulnCheck KEV: CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-11065 affecting package kured for versions less than 1.15.0-3

CVE-2025-11065 affecting package kured for versions less than 1.15.0-3. A patched version of the package is available...

Apache bRPC Command Injection

The Apache bRPC heap profiler suffers from a command injection vulnerability. Versions below 1.15.0 are affected...

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...