CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

PT-2005-2520 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...