CVE-2025-59792
- EPSS 0.05%
- Published 28.11.2025 14:21:22
- Last modified 04.12.2025 17:04:38
The MONITOR command in Apache Kvrocks reveals plaintext credentials. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-59790
- EPSS 0.13%
- Published 28.11.2025 14:20:31
- Last modified 04.12.2025 17:03:00
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-26413
- EPSS 0.36%
- Published 22.04.2025 07:07:49
- Last modified 23.06.2025 19:25:25
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check whether the `offset` input is a positive integer and used it as an index into a string, so the server crashes because the index is out of range. This...
CVE-2025-25069
- EPSS 0.87%
- Published 07.02.2025 13:15:32
- Last modified 16.07.2025 14:47:38
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database opera...