Technical writeups and vulnerability analyses from our community of elite security researchers.
A use-after-free inside Redis's blocking-client code path allows an authenticated user to execute arbitrary OS commands. Discovered by Xint Code and demonstrated at ZeroDay.Cloud 2025.
DarkReplica is a post-authentication use-after-free in Redis's replication subsystem. By abusing master-replica synchronization while a Lua script is running, an attacker can control the freed Lua engine to achieve arbitrary code execution.
Two independent double-free bugs in Redis's RDB loading code — one in legacy zipmap conversion, one in stream consumer group deserialization — both leading to remote code execution via the RESTORE command.
At ZeroDay.Cloud 2025, security researchers discovered and disclosed five critical Remote Code Execution vulnerabilities in Redis, all within two days of competition.
A heap buffer overflow in MariaDB's JSON_SCHEMA_VALID() function allows authenticated users to escalate privileges and execute arbitrary OS commands. Discovered by Xint Code at ZeroDay.Cloud 2025.
A 20-year-old heap buffer overflow in PostgreSQL's pgcrypto extension allows remote code execution. Discovered by Xint Code at ZeroDay.Cloud 2025.
A 20-year-old encoding bug in PostgreSQL's pgcrypto extension allows smuggling invalid UTF-8 into the database, leading to memory corruption and remote code execution. Discovered by Team Bugz Bunnies at ZeroDay.Cloud 2025.