2 matches found
CVE-2025-25069
The CVE-2025-25069 entry describes a Cross-Protocol Scripting vulnerability in Apache Kvrocks, where Kvrocks does not detect Host: or POST in RESP requests, allowing an HTTP request to be interpreted as a RESP request and potentially trigger dangerous database operations, especially when chained ...
CVE-2025-26413
CVE-2025-26413 describes an improper input validation in Apache Kvrocks where the SETRANGE command does not verify that the offset input is a positive integer, using it as a string index and potentially causing a server crash (out-of-range index). Affected versions are Kvrocks up to 2.11.1; remed...