📄 ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requests. An unauthenticated attacker can crash or freeze the router's web management service by sending a single HTTP POST request with an oversized body...

Ubuntu 16.04 LTS : Lua vulnerability (USN-8262-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8262-1 advisory. It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use...

USN-8262-1: Lua vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

Astra Linux - уязвимость в apache2

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for this vulnerability, but it might be possible to create one. This issue affects Apache HTTP Server 2.4.51 and earlie...

CVE-2026-24818

CVE-2026-24818 is an out-of-bounds read vulnerability in praydog UEVR, specifically affecting the dependencies/lua/src modules (lparser.C). The issue is noted to impact UEVR before version 1.05. Multiple sources (NVD, Red Hat, OSV, CIRCL, CVE lists) describe the flaw consistently, but do not prov...

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

PT-2025-41846

Name of the Vulnerable Software and Affected Versions YouDataSum CPAS Audit Management System versions prior to 4.9 Description The YouDataSum CPAS Audit Management System is susceptible to SQL Injection due to inadequate input validation. This allows remote, unauthenticated attackers to execute...

EUVD-2022-38052

Malicious code in bioql PyPI...

PT-2025-26588 · Unknown · Notepadnext

Name of the Vulnerable Software and Affected Versions: NotepadNext versions through v0.11 Description: The issue is an Out-of-bounds Read vulnerability in the NotepadNext Lua Parser Module, specifically affecting the singlevar function in lparser.c. This vulnerability can lead to a heap-based...

SUSE CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

Unspecified vulnerability in Tencent TscanCode tsclua

Tencent TscanCode is a fast and accurate static analysis solution for C/C++, C and Lua code from Tencent. Tencent TscanCode tsclua suffers from an unspecified vulnerability that stems from its lua parser that allows an attacker to cause a denial of service via a crafted lua script. No detailed...

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

Design/Logic Flaw

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service DoS via a crafted lua script...

PT-2022-22607 · Unknown · Tscancode Tsclua

Name of the Vulnerable Software and Affected Versions: TscanCode tsclua version 2.15.01 Description: A vulnerability in the lua parser of TscanCode tsclua allows attackers to cause a Denial of Service DoS via a crafted lua script. Recommendations: For TscanCode tsclua version 2.15.01, consider...

Tencent TscanCode 安全漏洞

Tencent TscanCode is a fast and accurate static analysis solution for C/C++, C and Lua code from Tencent. Tencent TscanCode tsclua suffers from an unspecified vulnerability that stems from its lua parser that allows an attacker to cause a denial of service via a crafted lua script. No detailed...

OESA-2021-1473 httpd security update

Apache HTTP Server. Security Fixes: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket...

AZL-7044 CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...