redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

CVE-2026-48712

The CVE-2026-48712 vulnerability affects protobufjs (JavaScript) in the toObject() conversion path and the google.protobuf.Any JSON conversion path. Prior to versions 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit when converting decoded messages to plain objects/JSON, allowing a...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

EUVD-2026-36774

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2026-50876

The CVE-2026-50876 issue affects Deck9 Input v2.0.1 and is described as a cross-site scripting (XSS) vulnerability that allows attackers to run arbitrary web scripts or HTML via a crafted payload. The documented impact is limited to client-side script execution with low to moderate risk according...

PT-2026-49324

Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

CVE-2026-36728

A markdown based cross-site scripting XSS vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...

CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

EUVD-2026-34774

In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

EUVD-2019-20172

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...