CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26268
https://notcve.org/view.php?id=CVE-2025-26268
17 Apr 2025 — DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. • https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243 • CWE-392: Missing Report of Error Condition •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26269
https://notcve.org/view.php?id=CVE-2025-26269
17 Apr 2025 — DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. • https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308 • CWE-191: Integer Underflow (Wrap or Wraparound) •