4 matches found
CVE-2026-59219 Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...
CacheCloud 代码注入漏洞
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function preview in file...
FreeBSD : redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (af8d043f-20df-11f0-b9c5-000c295725e4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the af8d043f-20df-11f0-b9c5-000c295725e4 advisory. Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal...
CVE-2021-41172
ASRedis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is...