Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/25 8:1 a.m.25 views

CVE-2026-45188 Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

2.4CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 8:1 a.m.5 views

CVE-2026-45188

The CVE-2026-45188 entry describes a Relative Path Traversal affecting Apache Kvrocks versions 1.0.0 through 2.15.0. The vulnerability stems from path handling during replication/fullsync via unvalidated filename handling, enabling traversal to restricted paths. Consequences are defined as potent...

2.4CVSS5.8AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 9:28 a.m.5 views

CLSA-2026-1779351595 Fix CVE(s): CVE-2026-23631

SECURITY UPDATE: Use-after-free in readSyncBulkPayload during fullsync - debian/patches/0015-CVE-2026-23631.patch: guard readSyncBulkPayload in src/replication.c with an early return when server.luatimedout is set, so a fullsync cannot free the Lua scripting engine while a timed-out script is sti...

8.8CVSS5.8AI score0.01782EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 12:19 p.m.7 views

CLSA-2026-1778845249 redis: Fix of 2 CVEs

CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens while a Lua script is timed out on the replica - CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack and stream PEL payloads...

8.8CVSS5.8AI score0.02995EPSS
Exploits0References1
Rows per page
Query Builder