Lucene search
K

97 matches found

Vulnrichment
Vulnrichment
added 2026/05/05 4:44 p.m.5 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7CVSS6.2AI score0.02995EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 4:44 p.m.39 views

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7CVSS0.02995EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 4:44 p.m.455 views

CVE-2026-25243

Redis server vulnerability CVE-2026-25243: In Redis up to version 8.6.3, the RESTORE command fails to properly validate serialized values, allowing an authenticated attacker with RESTORE access to supply a crafted payload that may trigger invalid memory access and potentially lead to remote code ...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References19Affected Software1
EUVD
EUVD
added 2026/05/05 4:44 p.m.8 views

EUVD-2026-27410

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

7.7CVSS6.2AI score0.02995EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/05 4:44 p.m.5 views

CVE-2026-25243

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37093

Name of the Vulnerable Software and Affected Versions RedisBloom versions prior to 2.8.20 Description RedisBloom, a probabilistic data structures module for Redis, fails to properly validate serialized values processed via the 'RESTORE' command. An authenticated attacker with permissions to execu...

9CVSS6.2AI score0.01331EPSS
Exploits0References31
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.16 views

Redis 安全漏洞

Redis is an open-source database developed by Redis Technologies in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis 8.6.3 and earlier contained...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

RedisTimeSeries 安全漏洞

RedisTimeSeries is an open-source time series data structure for Redis. Versions of RedisTimeSeries prior to 1.12.14 have a security vulnerability. This vulnerability stems from the module not properly verifying the serialized values processed via the Redis RESTORE command. Authorized attackers c...

8.8CVSS6.2AI score0.01029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-37092

Name of the Vulnerable Software and Affected Versions redis-server versions prior to 8.6.3 Description Redis is an in-memory data structure store. The RESTORE command fails to properly validate serialized values. An authenticated attacker with permissions to execute this command can provide a...

9CVSS6.2AI score0.02995EPSS
Exploits0References78
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.6 views

Apache ZooKeeper 3.9.x < 3.9.4 Improper Permission Check

The version of Apache ZooKeeper listening on the remote host is 3.9.x prior to 3.9.4. It is, therefore, affected by an improper permission check vulnerability: - Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore commands with insufficient...

4.3CVSS7.2AI score0.00294EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.7 views

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

7.5CVSS5.5AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 1:16 a.m.17 views

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

7.5CVSS0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/24 12:24 a.m.8 views

EUVD-2026-7461

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

6.5CVSS5.4AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 12:24 a.m.5 views

CVE-2026-21864 Remote DoS from malformed RESTORE command

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

6.5CVSS5.5AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 12:24 a.m.17 views

CVE-2026-21864

CVE-2026-21864 affects Valkey-Bloom (a Rust module for Valkey KV) where a crafted RESTORE command can trigger a server shutdown due to an assertion during RDB parsing if the VALKEYMODULE_OPTIONS_HANDLE_IO_ERRORS flag is not set. The issue existed despite the module handling parsing; a patch (comm...

7.5CVSS5.5AI score0.00257EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/24 12:24 a.m.6 views

CVE-2026-21864 Remote DoS from malformed RESTORE command

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

6.5CVSS5.6AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21584

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

6.5CVSS5.4AI score0.00257EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

valkey-bloom 输入验证错误漏洞

Valkey-Bloom is a Valkey open-source module. Valkey-Bloom has a vulnerability related to input validation errors. This vulnerability arises from the lack of a flag to handle RDB parsing errors, which may allow a specially crafted RESTORE command to trigger an assertion that causes the server to...

7.5CVSS5.8AI score0.00257EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/15 7:58 a.m.5 views

Improper Permission Checks

Apache ZooKeeper is vulnerable to improper permission checks. The vulnerability is due to insufficient authorization validation in the AdminServer, allowing authorized clients to execute snapshot and restore commands without proper permissions...

4.3CVSS7.4AI score0.00294EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/09/26 8:51 a.m.6 views

BIT-ZOOKEEPER-2025-58457 Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...

4.3CVSS7.3AI score0.00294EPSS
Exploits0References3
Rows per page
Query Builder