CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

Packet Storm•added 2026/01/23 12:0 a.m.•137 views

📄 Apache bRPC 1.14.0 Command Injection

Apache bRPC versions 1.14.0 and below proof of concept command injection exploit that leverages exposed pprof endpoints. ============================================================================================================================================= | Title : Apache bRPC = 1.14.0...

9.8CVSS5.5AI score0.00307EPSS

Exploits3

GithubExploit•added 2026/01/19 2:51 p.m.•294 views

Exploit for CVE-2025-60021

CVE-2025-60021 Roundup Vulnerability Summary CVE-2025-60...

9.8CVSS5.9AI score0.00307EPSS

Exploits3

GithubExploit•added 2026/01/19 2:51 p.m.•202 views

Exploit for CVE-2025-60021

CVE-2025-60021 Roundup Vulnerability Summary CVE-2025-60...

9.8CVSS5.9AI score0.00307EPSS

Exploits3

Packet Storm News•added 2026/01/19 12:0 a.m.•6 views

Apache bRPC Command Injection

The Apache bRPC heap profiler suffers from a command injection vulnerability. Versions below 1.15.0 are affected...

9.8CVSS5.5AI score0.00307EPSS

Exploits3

RedhatCVE•added 2026/01/17 9:15 a.m.•7 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

9.8CVSS8.1AI score0.00307EPSS

Exploits3References1

OSV•added 2026/01/16 9:16 a.m.•2 views

CVE-2025-60021

9.8CVSS5.9AI score

Exploits0References2

NVD•added 2026/01/16 9:16 a.m.•3 views

CVE-2025-60021

9.8CVSS0.00307EPSS

Exploits3References2

CVE•added 2026/01/16 8:39 a.m.•52 views

CVE-2025-60021

Apache bRPC CVE-2025-60021 is a remote command injection in the heap profiler built-in service (/pprof/heap) affecting all versions

9.8CVSS7.7AI score0.00307EPSS

In wildExploits3References2Affected Software1

ATTACKERKB•added 2026/01/16 8:39 a.m.•4 views

CVE-2025-60021

9.8CVSS8.8AI score0.00307EPSS

Exploits3References2Affected Software1

Vulnrichment•added 2026/01/16 8:39 a.m.•3 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

7.7AI score0.00307EPSS

Exploits3References1

Cvelist•added 2026/01/16 8:39 a.m.•23 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

0.00307EPSS

Exploits3References1

Packet Storm•added 2025/12/05 12:0 a.m.•146 views

📄 Apache bRPC Stack Overflow

A critical stack overflow vulnerability in Apache bRPC's JSON parser allows remote attackers to crash servers via specially crafted deep recursive JSON data. Versions prior to 1.15.0 are affected...

7.5CVSS7.3AI score0.0024EPSS

Exploits2

CNVD•added 2025/12/03 12:0 a.m.•1 views

Apache bRPC Denial of Service Vulnerability (CNVD-2026-00022)

Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from a denial of service vulnerability due to an uncontrolled recursion flaw in the json2pb component. An attacker could exploit the...

7.5CVSS6.7AI score0.0024EPSS

Exploits2References1

RedhatCVE•added 2025/12/02 9:26 p.m.•1 views

CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

7.5CVSS7.2AI score0.0024EPSS

Exploits2References1

OSV•added 2025/12/01 11:15 a.m.•1 views

CVE-2025-59789

7.5CVSS7.1AI score

Exploits0References2

NVD•added 2025/12/01 11:15 a.m.•3 views

CVE-2025-59789

7.5CVSS0.0024EPSS

Exploits2References2

Cvelist•added 2025/12/01 10:22 a.m.•3 views

CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser