Lucene search
K

65 matches found

Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: Insecure Deserialization in Redis Cache Backend

Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...

9.8CVSS6.2AI score0.00386EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-42472

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...

9.8CVSS5.5AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.7 views

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS5.7AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.17 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:5 p.m.10 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 5:5 p.m.9 views

CVE-2026-46424 Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:5 p.m.47 views

CVE-2026-46424 Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:5 p.m.14 views

CVE-2026-46424

Budibase vulnerability CVE-2026-46424 affects versions before 3.38.2. The public API endpoint POST /api/public/v1/roles/unassign updates CouchDB user documents but does not invalidate the Redis cache entries used by authentication middleware, so revoked admin/builder/app roles may persist up to 1...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:5 p.m.13 views

EUVD-2026-32597

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the failure to...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/19 4:30 p.m.14 views

Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Summary The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache TTL: 3600 seconds...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/19 4:30 p.m.5 views

GHSA-6VP2-6R7M-2JVX Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Summary The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache TTL: 3600 seconds...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 2:16 a.m.22 views

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:46 a.m.13 views

CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS6AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:46 a.m.40 views

CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:46 a.m.25 views

CVE-2026-33233

CVE-2026-33233 affects AutoGPT Platform: older releases (0.6.34–0.6.51) deserialize Redis cache bytes with pickle.loads without integrity checks, while writes use pickle.dumps into Redis. The read path blindly calls pickle.loads on bytes with no HMAC/signature or strict schema validation. An atta...

7.6CVSS6AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:46 a.m.10 views

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS6AI score0.0023EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder