Lucene search
+L

30 matches found

nvd
nvd
added 2026/06/26 6:17 p.m.8 views

CVE-2026-54341

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS0.00399EPSS
Exploits0References2
cve
cve
added 2026/06/26 4:42 p.m.15 views

CVE-2026-54341

Dragonfly (DragonflyDB) before version 1.39.0 is vulnerable: a crafted RESTORE payload triggers an out-of-bounds read in the listpack collection loaders, crashing the server (SIGSEGV). The issue is exploitable remotely without authentication via a single ~24-byte RESTORE command, enabling unauthe...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 4:42 p.m.8 views

EUVD-2026-39811

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 4:42 p.m.85 views

CVE-2026-54341

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/26 4:42 p.m.3 views

CVE-2026-54341 Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS6AI score0.00399EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/01/22 12:0 a.m.9 views

Dragonfly Access Control Vulnerability

Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained a access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...

9.8CVSS5.8AI score0.00713EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12281

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00254EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-14851

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00353EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28478

Malicious code in bioql PyPI...

9.4CVSS6.5AI score0.00355EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/09/17 12:0 a.m.7 views

Dragonfly 安全漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0 that stems from the use of insecure hash functions such as MD5, which could lead to malicious file replacement...

6.9CVSS8.9AI score0.00152EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/06/25 9:54 a.m.10 views

CVE-2025-52935

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly src/redis/lua/struct modules. This vulnerability is associated with program files luastruct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18...

9.4CVSS7.3AI score0.00355EPSS
Exploits0References1
nvd
nvd
added 2025/06/23 10:15 a.m.5 views

CVE-2025-52935

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly src/redis/lua/struct modules. This vulnerability is associated with program files luastruct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18...

9.4CVSS0.00355EPSS
Exploits0References2
cvelist
cvelist
added 2025/06/23 9:27 a.m.17 views

CVE-2025-52935 Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly src/redis/lua/struct modules. This vulnerability is associated with program files luastruct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18...

9.4CVSS0.00355EPSS
Exploits0References2
osv
osv
added 2025/06/23 9:27 a.m.10 views

CVE-2025-52935 Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly src/redis/lua/struct modules. This vulnerability is associated with program files luastruct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18...

9.4CVSS7.2AI score0.00355EPSS
Exploits0References5
cve
cve
added 2025/06/23 9:27 a.m.27 views

CVE-2025-52935

The CVE-2025-52935 entry concerns an Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly, specifically in the src/redis/lua/struct modules (lua_struct.C). Affected versions are dragonfly 1.28.18 through 1.30.1. The issue is confirmed across multiple sources (e.g., PT-2025-26585)...

9.4CVSS6.7AI score0.00355EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/06/23 9:27 a.m.4 views

CVE-2025-52935 Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly src/redis/lua/struct modules. This vulnerability is associated with program files luastruct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18...

9.4CVSS6.6AI score0.00355EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/04/26 5:0 a.m.17 views

CVE-2025-26268

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...

6.5CVSS6.5AI score0.00353EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/04/26 4:58 a.m.13 views

CVE-2025-26269

DragonflyDB Dragonfly through 1.28.2 fixed in 1.29.0 allows authenticated users to cause a denial of service daemon crash via a Lua library command that references a large negative integer...

5.5CVSS6.7AI score0.00254EPSS
Exploits1References1
nvd
nvd
added 2025/04/17 6:15 p.m.16 views

CVE-2025-26269

DragonflyDB Dragonfly through 1.28.2 fixed in 1.29.0 allows authenticated users to cause a denial of service daemon crash via a Lua library command that references a large negative integer...

5.5CVSS0.00254EPSS
Exploits1References3
nvd
nvd
added 2025/04/17 6:15 p.m.15 views

CVE-2025-26268

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...

6.5CVSS0.00353EPSS
Exploits1References3
Rows per page
Query Builder