Lucene search
K

5132 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.21.1 security update

Important: Red Hat OpenShift GitOps v1.21.1 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-10083 RC 1.21.0-7: Missing permission for web-based terminal in Argocd UI GITOPS-10178 OpenShift GitOps operator v1.21.0 breaks Redis-HA...

7.5CVSS6AI score0.00813EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.6CVSS6AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

7.7CVSS0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-54642

Name of the Vulnerable Software and Affected Versions AWS Advanced JDBC Wrapper versions 3.3.0 through 4.0.0 Description Deserialization of untrusted data in the RemoteQueryCachePlugin allows an actor with write access to the shared cache infrastructure to execute arbitrary code on application...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References7
NVD
NVD
added last week5 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-40382

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week37 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:49 a.m.3 views

RHSA-2026:33444 Red Hat Security Advisory: redis:7 security update

Bulletin has no description...

8.8CVSS5.7AI score0.01782EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/30 9:46 a.m.6 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.7AI score0.01782EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 9:46 a.m.8 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.3AI score0.01782EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 7:5 a.m.6 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:5 a.m.7 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 7:50 p.m.5 views

Security Bulletin: Insecure Deserialization in Redis Cache Backend

Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...

9.8CVSS6.2AI score0.00386EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

Photon OS 4.0: Redis PHSA-2026-4.0-1038

An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

8.8CVSS6.1AI score0.02995EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:57 p.m.6 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

8.2CVSS5.6AI score0.00129EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 6:16 p.m.8 views

CVE-2026-47206

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...

2.3CVSS0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 4:39 p.m.34 views

CVE-2026-47206 Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...

2.3CVSS0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:46 a.m.4 views

RHSA-2026:29817 Red Hat Security Advisory: redis:6 security update

Bulletin has no description...

8.8CVSS5.7AI score0.02995EPSS
Exploits0References9
Rows per page
Query Builder