Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/17 9:15 a.m.11 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

9.8CVSS8.1AI score0.26163EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/01/16 8:39 a.m.28 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

0.26163EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/01/16 8:39 a.m.3 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

7.7AI score0.26163EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.6 views

PT-2026-3235

Apache bRPC and Affected Versions Apache bRPC versions prior to 1.15.0 Description Apache bRPC contains a remote command injection flaw in the heap profiler built-in service. The /pprof/heap endpoint does not properly validate the extra options parameter, allowing attackers to execute arbitrary...

10CVSS9.2AI score0.26163EPSS
Exploits3References37
Rows per page
Query Builder