InfoQ Homepage Common Vulnerabilities and Exposures Content on InfoQ
News
RSS Feed-
Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk
AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source GitHub repositories. Dubbed CodeBreach, the critical vulnerability could have resulted in the introduction of malicious code and hijacking of the repositories leveraging AWS CodeBuild.
-
MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory
MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server versions. According to the disclosure, the flaw can be exploited remotely by unauthenticated attackers with low complexity, potentially leading to the exfiltration of sensitive data and credentials.
-
Redis Critical Remote Code Execution Vulnerability Discovered after 13 Years
Redis recently released a security advisory regarding CVE-2025-49844. This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute remote code on older versions of Redis and Valkey with Lua scripting enabled. Developers are urged to upgrade to patched releases as soon as possible.
-
RADIUS Protocol Vulnerability Exposes Network Device Authentication
A team of security researchers has discovered a significant vulnerability in the widely used RADIUS (Remote Authentication Dial-In User Service) protocol. This vulnerability could potentially allow attackers to gain unauthorised access to network devices. Cloudflare staff detailed the findings, highlighting the ongoing challenges of maintaining security in long-standing network protocols.
-
GUAC Joins OpenSSF as Incubating Project
The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visualise software bill of materials (SBOM) along with threat intelligence feeds to determine whether vulnerabilities impact an application.