Lucene search
K

6 matches found

OSV
OSV
β€’added 2026/05/07 11:43 a.m.β€’4 views

BIT-KEYDB-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
β€’added 2026/05/06 12:0 a.m.β€’12 views

Linux Distros Unpatched Vulnerability : CVE-2026-23479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from...

8.8CVSS7.6AI score0.01286EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
β€’added 2026/05/06 12:0 a.m.β€’31 views

Linux Distros Unpatched Vulnerability : CVE-2026-25243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An...

8.8CVSS5.8AI score0.02995EPSS
Exploits0References3
OSV
OSV
β€’added 2026/05/05 5:17 p.m.β€’7 views

ALPINE-CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

8.1CVSS6.1AI score0.01782EPSS
Exploits0References1
CVE
CVE
β€’added 2026/05/05 4:39 p.m.β€’51 views

CVE-2026-23631

CVE-2026-23631 affects the Redis server when using Lua scripting. An authenticated attacker can abuse the master–replica synchronization to trigger a use-after-free on replicas with replica-read-only disabled (or that can be disabled), potentially enabling remote code execution. The issue is miti...

8.8CVSS6.1AI score0.01782EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
β€’added 2026/05/05 4:39 p.m.β€’3 views

CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

6.1CVSS6.1AI score0.01782EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder