219802 matches found

NVD
added 2026/05/05 5:17 p.m., 7 views

CVE-2026-25588

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

8.8 CVSS, 0.01029 EPSS
Exploits 0, References 2
OSV
added 2026/05/05 5:17 p.m., 4 views

ALPINE-CVE-2026-25243

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

8.8 CVSS, 6.2 AI score, 0.02995 EPSS
Exploits 0, References 1
CVE
added 2026/05/05 4:50 p.m., 40 views

CVE-2026-25589

RedisBloom module for Redis is affected. In versions before 2.8.20, RESTORE may process crafted serialized values without validation, leading to invalid memory access and potential remote code execution when an authenticated user can run RESTORE on a server with RedisBloom loaded. The issue stems...

8.8 CVSS, 6.2 AI score, 0.01206 EPSS
Exploits 0, References 2, Affected Software 1
EUVD
added 2026/05/05 4:50 p.m., 7 views

EUVD-2026-27414

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.7 CVSS, 6.2 AI score, 0.01206 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/05 4:48 p.m., 38 views

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.7 CVSS, 0.01029 EPSS
Exploits 0, References 2
EUVD
added 2026/05/05 4:44 p.m., 7 views

EUVD-2026-27410

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7 CVSS, 6.2 AI score, 0.02995 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2026/05/05 3:33 p.m., 13 views

Malicious code in deployment-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...

5.8 AI score
Exploits 0, References 1
ATTACKERKB
added 2026/05/05 3:5 p.m., 4 views

CVE-2026-7865

A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered a vulnerability in the way the console command passes to a popen function call. Attackers with authenticated access to SSH...

7.4 CVSS, 5.8 AI score, 0.00753 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/05/05 3:5 p.m., 30 views

CVE-2026-7865 Hidden Console Command

A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered a vulnerability in the way the console command passes to a popen function call. Attackers with authenticated access to SSH...

7.4 CVSS, 0.00753 EPSS
Exploits 0, References 2
NVD
added 2026/05/05 12:16 p.m., 17 views

CVE-2026-42436

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

7.7 CVSS, 0.00266 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/05/05 12:5 p.m., 7 views

CVE-2026-43504

A flaw was found in Prosody, specifically within the mod_proxy65 component. When mod_proxy65 is enabled, it mishandles access control in a paused scenario. This allows an unauthenticated attacker to relay unauthenticated traffic, which can lead to unauthorized data transmission and impact the...

6.5 CVSS, 5.7 AI score, 0.00256 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2026/05/05 11:40 a.m., 9 views

Malicious code in nf-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5d1fc3aadbb204f6da1c0db37a6e1b540bdcc3964bd033d5657a067d7e246cc The package nf-ui-components was found to contain malicious code. Source: ghsa-malware 4ab8cac0b0cae1864121f4fd7223e6cb7bb0168d113ece4974f94aae4e2418...

5.8 AI score
Exploits 0, References 1
GithubExploit
added 2026/05/05 11:31 a.m., 194 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918-test This repository contains a Proof of Concep...

8.8 CVSS, 5.8 AI score, 0.4581 EPSS
Exploits 16
Cvelist
added 2026/05/05 11:24 a.m., 50 views

CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

7.7 CVSS, 0.00266 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/05/05 11:24 a.m., 2 views

CVE-2026-42436

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

7.7 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits 0, References 4
Vulnrichment
added 2026/05/05 11:24 a.m., 7 views

CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

7.7 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/05/05 10:53 a.m., 10 views

CVE-2026-42043

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...

10 CVSS, 5.7 AI score, 0.00661 EPSS
Exploits 1, References 4
Circl
added 2026/05/05 10:0 a.m., 9 views

CVE-2026-21661

creationtimestamp | type | source
---|---|---
2026-05-05 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-125-05...

8.4 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits 0, References 1
ICS
added 2026/05/05 6:0 a.m., 10 views

Johnson Controls CEM AC2000

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

8.4 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits 0, References 13
Hacker One
added 2026/05/05 2:20 a.m., 20 views

Rocket.Chat: IDOR: autotranslate.translateMessage Full Message Content Leak

The /api/v1/autotranslate.translateMessage endpoint allowed any authenticated user to retrieve the full content of any message from any room, including private groups, direct messages, and channels. The endpoint fetched the message without performing a room access check, returning the complete...

5.3 CVSS, 5.8 AI score, 0.00252 EPSS
Exploits 0