Apache Kvrocks

4 matches found

CVE
added 2025/02/07 12:46 p.m., 80 views

CVE-2025-25069

The CVE-2025-25069 entry describes a Cross-Protocol Scripting vulnerability in Apache Kvrocks, where Kvrocks does not detect Host: or POST in RESP requests, allowing an HTTP request to be interpreted as a RESP request and potentially trigger dangerous database operations, especially when chained ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00723

CVE
added 2025/04/22 7:7 a.m., 52 views

CVE-2025-26413

CVE-2025-26413 describes an improper input validation in Apache Kvrocks where the SETRANGE command does not verify that the offset input is a positive integer, using it as a string index and potentially causing a server crash (out-of-range index). Affected versions are Kvrocks up to 2.11.1; remed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00612

CVE
added 2025/11/28 2:20 p.m., 14 views

CVE-2025-59790

CVE-2025-59790 affects Apache Kvrocks (versions 2.9.0–2.13.0). The root issue is improper privilege management, specifically relating to the RESET command, which can elevate privileges to administrator level. A fix is available in Kvrocks 2.14.0. Multiple sources (NVD, RH, CNVD, OSV, CNVD/others)...

CVSS 5.4 | AI score 6.6 | EPSS 0.00356

CVE
added 2025/11/28 2:21 p.m., 11 views

CVE-2025-59792

CVE-2025-59792 affects Apache Kvrocks 1.0.0–2.13.0, where the MONITOR command discloses plaintext credentials. Root cause is information disclosure via MONITOR exposure to non-admins. Impact is exposure of sensitive data; CVSS vector indicates network access, low integrity/availability impact. A ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00257