category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-54226	Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS_CVE-2026-54226 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.6.0	Jun 25, 2026	CVE
CRITICAL 10	CVE-2026-46752	Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()_CVE-2026-46752 Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are...	Apache Software Foundation	Apache Kvrocks 2.0.4	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-46751	Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service._CVE-2026-46751 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.2.0	Jun 25, 2026	CVE
LOW 2.4	CVE-2026-45188	Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling_CVE-2026-45188 Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to u...	Apache Software Foundation	Apache Kvrocks 1.0.0	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-41566	Apache Kvrocks: Improper permission for the APPLYBATCH command_CVE-2026-41566 Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are ...	Apache Software Foundation	Apache Kvrocks 2.8.0	Jun 25, 2026	CVE
HIGH 8.2	CVE-2026-12490	Bypass of client certificate verification with transfer over TLS_CVE-2026-12490 When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no...	NLnet Labs	NSD 4.10.1	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-12246	Out of bounds stack write with crafted APL RR_CVE-2026-12246 NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite...	NLnet Labs	NSD 4.14.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-12245	Denial of DNS over TLS service by any DoT client_CVE-2026-12245 NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be tri...	NLnet Labs	NSD 4.13.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-12244	Heap overflow and crash with crafted SVCB RR_CVE-2026-12244 If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted S...	NLnet Labs	NSD 4.14.0	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-56129	CVE-2026-56129_CVE-2026-56129 Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A l...	Dynabook Inc.	Generic IO & Memory Access driver all versions	Jun 25, 2026	CVE