28 matches found
SUSE CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
DEBIAN-CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196 Luanti has a mod security sandbox escape
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196 Luanti has a mod security sandbox escape
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
EUVD-2026-25154
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
PT-2026-34594
Name of the Vulnerable Software and Affected Versions Luanti versions 5.0.0 through 5.15.1 Description A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...
Linux Distros Unpatched Vulnerability : CVE-2026-41196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially...
SUSE CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
PT-2026-33197
Name of the Vulnerable Software and Affected Versions Luanti versions 5.0 through 5.15.1 Description A sandbox escape exists when LuaJIT is used, allowing a crafted mod to execute arbitrary code outside the game engine. Recommendations Update to version 5.15.2...
CVE-2026-21889
Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...
PT-2026-2916
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15.2 Description Weblate is a web-based localization tool. Prior to version 5.15.2, screenshot images were served directly by the HTTP server without appropriate access controls. This allowed an unauthenticated user...
OPENSUSE-SU-2024:11879-1 libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-4.1 on GA media
These are all security issues fixed in the libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11813-1 libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-2.1 on GA media
These are all security issues fixed in the libQt5Bootstrap-devel-static-32bit-5.15.2+kde294-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-31397
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service DoS condition...
CVE-2024-31397
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service DoS condition...
CVE-2024-31401
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product...
WordPress Abandoned Cart Lite for WooCommerce Plugin < 5.15.2 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tychesoftwares:abandonedcartliteforwoocommerce"; if...
Zoom Client for Meetings 5.15.0 < 5.15.2 Vulnerability (ZSB-23025)
The version of Zoom Client for Meetings installed on the remote host is between 5.15.0 and 5.15.2. It is, therefore, affected by a vulnerability as referenced in the ZSB-23025 advisory. - Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive...