|
21
|
- |
|
-
|
-
|
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25589
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
- |
|
-
|
-
|
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25588
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
- |
|
-
|
-
|
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to exe…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25243
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
- |
|
-
|
-
|
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft…
New
|
CWE-416
Use After Free
|
CVE-2026-23631
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
- |
|
-
|
-
|
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo…
New
|
CWE-416
Use After Free
|
CVE-2026-23479
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the w…
New
|
CWE-88
Argument Injection
|
CVE-2026-7865
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the c…
New
|
CWE-362
CWE-367
Race Condition
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-7846
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py …
New
|
CWE-327
CWE-328
Use of a Broken or Risky Cryptographic Algorithm
Use of Weak Hash
|
CVE-2026-7845
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file l…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7844
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
8.6 |
HIGH
Network
|
-
|
-
|
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7412
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
