CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3308 matches found

RedHat Linux•added 2025/11/24 9:46 a.m.•2 views

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

8.8CVSS8AI score0.10506EPSS

Exploits1References7

RedHat Linux•added 2025/11/24 2:5 a.m.•2 views

redis: Lua library commands may lead to integer overflow and potential RCE

8.8CVSS8AI score0.10506EPSS

Exploits1References7

RedHat Linux•added 2025/11/24 2:5 a.m.•1 views

Redis: Redis Lua Use-After-Free may lead to remote code execution

A vulnerability found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution RCE within the Redis process...

9.9CVSS7.9AI score0.11111EPSS

Exploits13References8

RedHat Linux•added 2025/11/24 2:5 a.m.•5 views

Important: Red Hat Security Advisory: valkey security update

An update for valkey is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.9CVSS8.2AI score0.11111EPSS

Exploits14References5

RedHat Linux•added 2025/11/24 2:5 a.m.•2 views

Redis: Redis is vulnerable to DoS via specially crafted LUA scripts

A vulnerability was found in Redis where an authenticated user to run a crafted Lua script that can read out‑of‑bounds memory or crash the server, leading to information disclosure and denial of service...

7.1CVSS7.3AI score0.07828EPSS

Exploits0References7

RedHat Linux•added 2025/11/24 2:5 a.m.•1 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.03236EPSS

Exploits0References7

OSV•added 2025/11/24 12:0 a.m.•5 views

ALSA-2025:21916 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

9.9CVSS8.5AI score0.11111EPSS

Exploits14References10

AlmaLinux•added 2025/11/24 12:0 a.m.•4 views

Important: valkey security update

9.9CVSS8.7AI score0.11111EPSS

Exploits14References10

OSV•added 2025/11/24 12:0 a.m.•2 views

ALSA-2025:21936 Important: valkey security update

9.9CVSS9.9AI score0.11111EPSS

Exploits14References10

Tenable Nessus•added 2025/11/24 12:0 a.m.•1 views

RHEL 9 : valkey (RHSA-2025:21916)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21916 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...

9.9CVSS9.3AI score0.11111EPSS

Exploits14References10

SUSE CVE•added 2025/11/22 12:25 a.m.•3 views

SUSE CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.9AI score0.00034EPSS

Exploits1References3

SUSE CVE•added 2025/11/22 12:25 a.m.•1 views

SUSE CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the "open i...

7.3CVSS7.7AI score0.00024EPSS

Exploits1References3

OSV•added 2025/11/21 7:56 p.m.•1 views

MGASA-2025-0307 Updated redis packages fix security vulnerabilities

A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...

9.9CVSS8.3AI score0.11111EPSS

Exploits14References5

OSV•added 2025/11/21 6:13 p.m.•4 views

RLSA-2025:20926 Important: redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8CVSS8.6AI score0.11111EPSS

Exploits14References5

Rockylinux•added 2025/11/21 6:13 p.m.•3 views

redis security update

An update is available for redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...

9.9CVSS8.7AI score0.11111EPSS

Exploits14