Skip to main content

Redis

202 CVEs product

Monthly

CVE-2025-48493 PHP MEDIUM PATCH This Month

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Redis Information Disclosure Yii2 Redis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27151 MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.7).

Buffer Overflow RCE Redis Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2025-21605 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Denial Of Service Valkey Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-26268 LOW POC PATCH Monitor

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Dragonfly
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-29923 Go LOW POC PATCH Monitor

go-redis is the official Redis client library for the Go programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Redis
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-1979 PyPI MEDIUM PATCH This Month

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Redis Red Hat
NVD GitHub
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-27150 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Redis Tuleap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25069 MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis Kvrocks Suse
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-55656 HIGH This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Redis Integer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
13.1%
CVE-2024-51737 HIGH This Month

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
1.5%
CVE-2024-51480 HIGH This Month

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2024-51741 MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-46981 HIGH POC PATCH THREAT This Month

Redis versions prior to 7.4.2, 7.2.7, and 6.2.17 contain a use-after-free vulnerability in the Lua scripting engine that allows authenticated users to achieve remote code execution. By manipulating the garbage collector through crafted Lua scripts, attackers can corrupt memory and execute arbitrary code on the Redis server.

RCE Memory Corruption Use After Free Redis Debian Linux +2
NVD GitHub
CVSS 3.1
7.0
EPSS
75.7%
CVE-2024-52525 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-6121 HIGH This Week

An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure Flexlogger Systemlink
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23998 CRITICAL POC Act Now

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis XSS Another Redis Desktop Manager
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-5405 MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis PHP XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-31989 Go CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-32971 Cargo CRITICAL PATCH Act Now

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Redis Information Disclosure
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-3625 HIGH This Week

A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-29902 Go MEDIUM PATCH This Month

Cosign provides code signing and transparency for containers and binaries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Cosign
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-25116 MEDIUM This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25115 HIGH This Week

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Redis
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-3019 HIGH This Week

A flaw was found in PCP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-27917 PHP HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41056 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
6.8%
CVE-2023-50727 Ruby MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50725 Ruby MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50724 Ruby MEDIUM POC PATCH This Month

Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47120 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-47004 HIGH POC This Week

Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Redis Redisgraph
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-45145 LOW PATCH Monitor

Redis is an in-memory database that persists on disk. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Redis Fedora Debian Linux
NVD GitHub
CVSS 3.1
3.6
EPSS
0.4%
CVE-2023-43119 CRITICAL Act Now

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Authentication Bypass Exos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45148 MEDIUM PATCH This Month

Nextcloud is an open source home cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-42809 Maven HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis Deserialization Redisson
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-41053 LOW PATCH Monitor

Redis is an in-memory database that persists on disk. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Redis
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-36824 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis Heap Overflow Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
77.4%
CVE-2023-22593 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM Robotic Process Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31655 HIGH POC This Week

redis v7.0.10 was discovered to contain a segmentation violation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Redis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28856 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Redis Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28859 PyPI MEDIUM PATCH This Month

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Redis Py
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28858 PyPI LOW PATCH Monitor

redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Redis Redis Py
NVD GitHub
CVSS 3.1
3.7
EPSS
1.0%
CVE-2023-28425 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Redis Command Injection
NVD GitHub
CVSS 3.1
5.5
EPSS
55.0%
CVE-2023-25155 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Redis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-22458 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Redis
NVD GitHub
CVSS 3.1
5.5
EPSS
69.4%
CVE-2022-3734 CRITICAL Act Now

A vulnerability was found in a port or fork of Redis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Redis
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3647 LOW POC PATCH Monitor

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Redis Denial Of Service
NVD VulDB GitHub
CVSS 3.1
3.3
EPSS
0.6%
CVE-2022-39267 Go HIGH PATCH This Week

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Bifrost
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39263 npm HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-35951 CRITICAL Act Now

Redis is an in-memory database that persists on disk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Redis RCE Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-36076 npm HIGH POC PATCH This Week

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PostgreSQL CSRF Redis Node.js Nodebb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36045 npm CRITICAL PATCH Act Now

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL Redis Information Disclosure Node.js Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-33105 HIGH POC PATCH This Week

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-20821 MEDIUM KEV THREAT This Month

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Redis Apple Information Disclosure Ios Xr
NVD
CVSS 3.1
6.5
EPSS
11.8%
CVE-2022-24736 MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24735 HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-0543 CRITICAL POC KEV PATCH THREAT Act Now

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Authentication Bypass RCE Debian
NVD
CVSS 3.1
10.0
EPSS
99.7%
CVE-2021-43697 MEDIUM POC This Month

Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis PHP XSS Workerman Thinkphp Redis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41230 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass Pomerium
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41172 MEDIUM POC This Month

AS_Redis is an AntSword plugin for Redis. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis RCE XSS Antsword Redis
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-32765 HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Hiredis Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-41099 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service RCE Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-32762 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-32687 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-32675 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
15.8%
CVE-2021-32672 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure Software Collections Enterprise Linux +5
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-32628 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-32627 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-32626 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow RCE Fedora +4
NVD GitHub
CVSS 3.1
8.8
EPSS
15.1%
CVE-2020-21468 HIGH This Week

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-36043 PHP MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF Adobe Adobe Commerce +1
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2021-32785 HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service RCE Mod Auth Openidc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-32761 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE Information Disclosure Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
31.0%
CVE-2021-32743 HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis Elastic Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-31649 Maven CRITICAL POC Act Now

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Redis Jfinal
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-32625 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-33026 PyPI CRITICAL PATCH Act Now

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python RCE Redis Privilege Escalation +1
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2021-29478 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-29477 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-29469 npm HIGH PATCH This Week

Node-redis is a Node.js Redis client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Redis Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-3470 MEDIUM PATCH This Month

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Redis
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-22194 MEDIUM This Month

In all versions of GitLab, marshalled session keys were being stored in Redis. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21309 HIGH PATCH This Week

Redis is an open-source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2020-13344 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-11982 PyPI CRITICAL PATCH Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Deserialization RCE Airflow
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2020-11981 PyPI CRITICAL POC PATCH THREAT Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Command Injection Airflow
NVD
CVSS 3.1
9.8
EPSS
34.0%
CVE-2020-15698 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-15105 PyPI MEDIUM PATCH This Month

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Python RCE Redis Django Two Factor Authentication
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14147 HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis Integer Overflow Communications Operations Monitor +2
NVD GitHub
CVSS 3.1
7.7
EPSS
3.1%
CVE-2020-5205 MEDIUM PATCH This Month

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Redis Session Fixation Information Disclosure Pow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Redis Information Disclosure Yii2 Redis
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.7).

Buffer Overflow RCE Redis +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Denial Of Service Valkey +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Dragonfly
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

go-redis is the official Redis client library for the Go programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Redis
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Redis Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Redis Tuleap
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis +2
NVD
EPSS 13% CVSS 8.8
HIGH This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Redis Integer Overflow Information Disclosure
NVD GitHub
EPSS 2% CVSS 7.0
HIGH This Month

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.0
HIGH This Month

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Redis Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service Red Hat +1
NVD GitHub
EPSS 76% CVSS 7.0
HIGH POC PATCH THREAT This Month

Redis versions prior to 7.4.2, 7.2.7, and 6.2.17 contain a use-after-free vulnerability in the Lua scripting engine that allows authenticated users to achieve remote code execution. By manipulating the garbage collector through crafted Lua scripts, attackers can corrupt memory and execute arbitrary code on the Redis server.

RCE Memory Corruption Use After Free +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Nextcloud +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure Flexlogger +1
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis XSS Another Redis Desktop Manager
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis PHP XSS
NVD
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes +1
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Redis Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Cosign provides code signing and transparency for containers and binaries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Cosign
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Redis
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A flaw was found in PCP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Information Disclosure +1
NVD GitHub
EPSS 7% CVSS 8.1
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis XSS Resque
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Discourse
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 3.6
LOW PATCH Monitor

Redis is an in-memory database that persists on disk. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Redis Fedora +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Authentication Bypass Exos
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud is an open source home cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Nextcloud +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Redis is an in-memory database that persists on disk. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Redis
NVD GitHub
EPSS 77% CVSS 8.8
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

redis v7.0.10 was discovered to contain a segmentation violation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Redis
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Redis Debian Linux +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Redis Redis Py
NVD GitHub
EPSS 1% CVSS 3.7
LOW PATCH Monitor

redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Redis Redis Py
NVD GitHub
EPSS 55% CVSS 5.5
MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Redis Command Injection
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Redis
NVD GitHub
EPSS 69% CVSS 5.5
MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Redis
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in a port or fork of Redis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Redis
NVD VulDB
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Redis Denial Of Service
NVD VulDB GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Bifrost
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Redis is an in-memory database that persists on disk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Redis RCE +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PostgreSQL CSRF Redis +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL Redis Information Disclosure +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Information Disclosure
NVD GitHub
EPSS 12% CVSS 6.5
MEDIUM KEV THREAT This Month

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Redis Apple +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference +4
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis +4
NVD GitHub
EPSS 100% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Authentication Bypass RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis PHP XSS +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass Pomerium
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

AS_Redis is an AntSword plugin for Redis. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis RCE XSS +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service +5
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 16% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora +4
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure +7
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 15% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Redis
NVD GitHub VulDB
EPSS 2% CVSS 6.6
MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service +4
NVD GitHub
EPSS 31% CVSS 7.5
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis Elastic Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Redis Jfinal
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis RCE Fedora
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python RCE +3
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Node-redis is a Node.js Redis client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Redis Denial Of Service
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Redis
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In all versions of GitLab, marshalled session keys were being stored in Redis. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Gitlab Information Disclosure
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Redis is an open-source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Deserialization +2
NVD
EPSS 34% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Command Injection +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure Joomla
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Python RCE Redis +1
NVD GitHub
EPSS 3% CVSS 7.7
HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis +4
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Redis Session Fixation Information Disclosure +1
NVD GitHub
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy