14 matches found
CVE-2026-42088
Summary: CVE-2026-42088 affects OpenC3 COSMOS before 7.0.0-rc3. The Script Runner widget in the openc3-COSMOS-script-runner-api container allows any user with script permissions to bypass API checks and perform administrative actions across the docker network. This can enable reading/modifying da...
Pi-hole 5.18.3 Remote Code Execution
This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...
CVE-2025-59669
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to the Redis service and access its data...
EUVD-2020-5604
Malware in sbrugna...
EUVD-2024-32204
Malicious code in bioql PyPI...
Denial-of-service due to malformed ACL selectors in Redis
...
PT-2024-5047 · Argo CD +1
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.8.19; Argo CD versions prior to 2.9.15; Argo CD versions prior to 2.10.10. Description: The issue concerns an unprivileged pod in a different namespace on the same cluster being able to connect to the Redis server on...
Fortinet FortiPresence Authentication Error Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. Fortinet FortiPresence suffers from an authentication error vulnerability that stems from a lack of authentication for critical functions, which can be exploited by an attacker to gain access to Redis and MongoD...
CVE-2022-41331
A missing authentication for critical function vulnerability (CWE-306) in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
Lua scripts can be manipulated to overcome ACL rules in Redis
...
Session fixation
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis...
CVE-2020-13344
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis...
CVE-2020-13344
Removed by vendor...
Exploit for Path Traversal in Igniterealtime Openfire
PoC exploit for CVE-2019-18393 and CVE-2019-18394, which are related to MongoDB and Redis vulnerabilities. The repository contains information on how to exploit these vulnerabilities, including a demonstration of how an attacker can gain unauthorized access to a MongoDB database and a Redis serve...