1351 matches found

Vulnrichment
added 2026/05/05 4:50 p.m. | 4 views

CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 7.7 | AI score 6.2 | EPSS 0.01331
Exploits: 0 | References: 2
Cvelist
added 2026/05/05 4:48 p.m. | 38 views

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 7.7 | EPSS 0.01029
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/05 4:48 p.m. | 5 views

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 7.7 | AI score 6.2 | EPSS 0.01029
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/05 4:44 p.m. | 5 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 7.7 | AI score 6.2 | EPSS 0.02995
Exploits: 0 | References: 2
Cvelist
added 2026/05/05 4:44 p.m. | 38 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 7.7 | EPSS 0.02995
Exploits: 0 | References: 2
CVE
added 2026/05/05 4:44 p.m. | 437 views

CVE-2026-25243

Redis server vulnerability CVE-2026-25243: In Redis up to version 8.6.3, the RESTORE command fails to properly validate serialized values, allowing an authenticated attacker with RESTORE access to supply a crafted payload that may trigger invalid memory access and potentially lead to remote code ...

CVSS 8.8 | AI score 6.2 | EPSS 0.02995
Exploits: 0 | References: 19 | Affected Software: 1
AlpineLinux
added 2026/05/05 4:44 p.m. | 5 views

CVE-2026-25243

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8 | AI score 6.2 | EPSS 0.02995
Exploits: 0 | References: 19
CNNVD
added 2026/05/05 12:0 a.m. | 9 views

RedisTimeSeries Security Vulnerability

RedisTimeSeries is an open-source time series data structure for Redis. Versions of RedisTimeSeries prior to 1.12.14 have a security vulnerability. This vulnerability stems from the module not properly verifying the serialized values processed via the Redis RESTORE command. Authorized attackers c...

CVSS 8.8 | AI score 6.2 | EPSS 0.01029
Exploits: 0 | References: 2
OSV
added 2026/04/27 6:33 p.m. | 11 views

JLSEC-2026-253 Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server...

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of...

CVSS 7.5 | AI score 6.6 | EPSS 0.66594
Exploits: 0 | References: 11
RedhatCVE
added 2026/04/24 9:44 p.m. | 6 views

CVE-2026-31646

A flaw was found in the Linux kernel's lan966x network driver. An error in handling the return value from the page_pool_create function can lead to the use of an invalid memory pointer. This improper error handling can cause a kernel oops, resulting in a Denial of Service (DoS) for the affected syste...

CVSS 5.5 | AI score 5.3 | EPSS 0.00122
Exploits: 0 | References: 4
OSV
added 2026/04/23 3:10 p.m. | 10 views

JLSEC-2026-181

A mongoc_bulk_operation_t may read invalid memory if large options are passed...

CVSS 6.9 | AI score 5.7 | EPSS 0.00185
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:0 a.m. | 7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011347 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix isn't called due to...

AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:0 a.m. | 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013100 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix isn't called due to...

AI score 5.7 | EPSS 0.00167
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007461 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of thi...

CVSS 5.5 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 4
RedhatCVE
added 2026/03/26 9:1 a.m. | 5 views

CVE-2026-23350

A flaw was found in the Linux kernel. When an execution queue fails to initialize in the drm/xe/queue component, the system does not properly finalize it, leaving a damaged entry in a critical lookup list. This can lead to an invalid memory reference, potentially causing system instability or a...

AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 4
NVD
added 2026/02/18 4:22 p.m. | 4 views

CVE-2025-71231

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...

CVSS 7.1 | EPSS 0.00117
Exploits: 0 | References: 4
CNVD
added 2026/02/05 12:0 a.m. | 4 views

Google SentencePiece Buffer Overflow Vulnerability

Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...

CVSS 8.5 | AI score 6 | EPSS 0.00163
Exploits: 0 | References: 1
SUSE CVE
added 2026/01/30 12:27 a.m. | 4 views

SUSE CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

CVSS 5.3 | AI score 5.9 | EPSS 0.00768
Exploits: 1 | References: 23
NVD
added 2026/01/27 4:16 p.m. | 10 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | EPSS 0.00502
Exploits: 1 | References: 7
OSV
added 2026/01/27 4:16 p.m. | 6 views

AZL-75896 CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

CVSS 7.5 | AI score 7.1 | EPSS 0.00768
Exploits: 1 | References: 1