22 matches found

Debian CVE
• added 2026/05/27 6:41 p.m. • 6 views

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValues(psRule, psLayer, 1); for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRul...

CVSS 7.5 | AI score 5.8 | EPSS 0.00053
Exploits: 1

Amazon
• added 2026/05/26 12:0 a.m. • 10 views

Important: valkey

Issue Overview: Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 4

OSV
• added 2026/05/07 11:43 a.m. • 1 view

BIT-KEYDB-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8 | AI score 6.2 | EPSS 0.00109
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/07 12:0 a.m. • 6 views

PT-2026-38483

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVSS 8.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/07 12:0 a.m. • 4 views

PT-2026-38474

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 4 | References: 4

Positive Technologies
• added 2026/05/07 12:0 a.m. • 5 views

PT-2026-38469

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8 | AI score 6.2 | EPSS 0.00109
Exploits: 0 | References: 4

SUSE CVE
• added 2026/05/06 1:44 a.m. • 2 views

SUSE CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVSS 7.5 | AI score 6.1 | EPSS 0.00119
Exploits: 4 | References: 7

Tenable Nessus
• added 2026/05/06 12:0 a.m. • 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-25243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An...

CVSS 8.8 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 4

Tenable Nessus
• added 2026/05/06 12:0 a.m. • 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica...

CVSS 8.1 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 3

Tenable Nessus
• added 2026/05/06 12:0 a.m. • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from...

CVSS 8.8 | AI score 6.2 | EPSS 0.00119
Exploits: 4 | References: 4

OSV
• added 2026/05/05 5:17 p.m. • 2 views

ALPINE-CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVSS 8.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 1

NVD
• added 2026/05/05 5:17 p.m. • 0 views

CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVSS 8.8 | EPSS 0.00119
Exploits: 4 | References: 2

EUVD
• added 2026/05/05 4:44 p.m. • 3 views

EUVD-2026-27410

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 7.7 | AI score 6.2 | EPSS 0.00109
Exploits: 0 | References: 2

Cvelist
• added 2026/05/05 4:44 p.m. • 35 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 7.7 | EPSS 0.00109
Exploits: 0 | References: 2

CVE
• added 2026/05/05 4:39 p.m. • 30 views

CVE-2026-23631

CVE-2026-23631 affects the Redis server when using Lua scripting. An authenticated attacker can abuse the master–replica synchronization to trigger a use-after-free on replicas with replica-read-only disabled (or that can be disabled), potentially enabling remote code execution. The issue is miti...

CVSS 8.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
• added 2026/05/05 4:39 p.m. • 0 views

CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVSS 6.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
• added 2026/05/05 4:39 p.m. • 2 views

EUVD-2026-27398

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVSS 6.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 2

CVE
• added 2026/05/05 4:36 p.m. • 44 views

CVE-2026-23479

Redis server 7.2.0–8.6.3 is affected by a use-after-free in the unblock client flow when re-executing a blocked command if an error return from processCommandAndResetClient isn't handled. If a blocked client is evicted during this path, an authenticated attacker could potentially achieve remote c...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 4 | References: 2 | Affected Software: 1

Debian CVE
• added 2026/05/05 4:36 p.m. • 2 views

CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 4

OSV
• added 2022/02/10 12:31 a.m. • 2 views

GHSA-3C7P-VV5R-CMR5 Incorrect Authorization in Apache Solr

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 | AI score 7.4 | EPSS 0.84821
Exploits: 1 | References: 25