17 matches found
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...
CVE-2025-5088
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...
CVE-2025-5088
CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...
SUSE CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
UBUNTU-CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
PT-2026-43110
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session...
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
Linux Distros Unpatched Vulnerability : CVE-2026-35537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file...
CVE-2026-35537
A flaw was found in Roundcube Webmail. Unauthenticated attackers can exploit an unsafe deserialization vulnerability in the redis/memcache session handler. This allows for arbitrary file write operations by crafting malicious session data. The primary impact is the ability to write files to the...
Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...
CVE-2026-35537
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...
CVE-2026-35537
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...
PT-2026-29975
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...
Security Advisory 0126
Security Advisory 0126 . CSAF PDF Date: November 18, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 18, 2025 | Initial release The following issues were discovered during regular penetration testing of Arista’s EOS. Issues detailed cover CloudVision Exchange CVX based features includin...