Lucene search
K

5160 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:14 p.m.6 views

EUVD-2026-40382

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:14 p.m.20 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:14 p.m.47 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:31 a.m.3 views

OPENSUSE-SU-2026:21184-1 Security update for coturn

This update for coturn fixes the following issues: Changes in coturn: - Update to version 4.14.0 New No more dependency on prometheus-client-c HTTPS support for prometheus client optional TLS support for redis - now compatible with managed redis optional. Rate limiting "401 Unauthorized" response...

7.7CVSS7.4AI score0.00363EPSS
Exploits1References4
OSV
OSV
added 2026/06/30 10:49 a.m.6 views

RHSA-2026:33444 Red Hat Security Advisory: redis:7 security update

Bulletin has no description...

8.8CVSS5.7AI score0.01782EPSS
Exploits0References9
OSV
OSV
added 2026/06/30 10:49 a.m.6 views

RHSA-2026:33427 Red Hat Security Advisory: redis:6 security update

Bulletin has no description...

8.8CVSS5.7AI score0.02995EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/30 9:46 a.m.10 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.3AI score0.01782EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 9:46 a.m.7 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.7AI score0.01782EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:5 a.m.7 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:5 a.m.8 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 7:50 p.m.5 views

Security Bulletin: Insecure Deserialization in Redis Cache Backend

Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...

9.8CVSS6.2AI score0.00386EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

Photon OS 4.0: Redis PHSA-2026-4.0-1038

An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

8.8CVSS6.1AI score0.02995EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:57 p.m.7 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

8.2CVSS5.6AI score0.00129EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 6:16 p.m.8 views

CVE-2026-47206

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...

2.3CVSS0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 4:39 p.m.35 views

CVE-2026-47206 Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.errorreply in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing...

2.3CVSS0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:46 a.m.4 views

RHSA-2026:29817 Red Hat Security Advisory: redis:6 security update

Bulletin has no description...

8.8CVSS5.7AI score0.02995EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...

8.2CVSS5.8AI score0.00129EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.16 views

RHEL 8 : redis:6 (RHSA-2026:29817)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29817 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References4
Rows per page
Query Builder