CVE-2026-41566
- EPSS 0.27%
- Veröffentlicht 25.06.2026 08:04:25
- Zuletzt bearbeitet 25.06.2026 13:27:40
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVE-2026-45188
- EPSS 0.14%
- Veröffentlicht 25.06.2026 08:01:49
- Zuletzt bearbeitet 25.06.2026 13:27:40
Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVE-2026-46751
- EPSS 0.28%
- Veröffentlicht 25.06.2026 08:01:00
- Zuletzt bearbeitet 25.06.2026 13:27:40
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
- EPSS 0.34%
- Veröffentlicht 25.06.2026 08:00:18
- Zuletzt bearbeitet 25.06.2026 13:27:40
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVE-2026-54226
- EPSS 0.32%
- Veröffentlicht 25.06.2026 07:59:24
- Zuletzt bearbeitet 25.06.2026 14:16:46
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVE-2025-59792
- EPSS 0.26%
- Veröffentlicht 28.11.2025 14:21:22
- Zuletzt bearbeitet 04.12.2025 17:04:38
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-59790
- EPSS 0.36%
- Veröffentlicht 28.11.2025 14:20:31
- Zuletzt bearbeitet 04.12.2025 17:03:00
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-26413
- EPSS 0.61%
- Veröffentlicht 22.04.2025 07:07:49
- Zuletzt bearbeitet 23.06.2025 19:25:25
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This...
CVE-2025-25069
- EPSS 0.78%
- Veröffentlicht 07.02.2025 13:15:32
- Zuletzt bearbeitet 16.07.2025 14:47:38
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database opera...