USN-8366-1 luanti vulnerabilities

It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...

Astra Linux - уязвимость в redis

It was discovered that Redis, a persistent key-value database, due to a packaging issue, is susceptible to a Lua sandbox escape that is specific to Debian. This could lead to remote code execution...

SUSE CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

DEBIAN-CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

Luanti 代码注入漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti from 5.0.0 to 5.15.2 had a code injection vulnerability. This vulnerability stemmed from the ability of malicious mods to escape the sandbox Lua environment, potentially...

SUSE CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

CVE-2026-40959

CVE-2026-40959 affects Luanti 5.x prior to 5.15.2. When using LuaJIT, a crafted mod can cause a Lua sandbox escape. The issue is described in multiple sources as Luanti 5 before 5.15.2, with the sandbox escape vulnerability carrying a high impact in CVSS (high confidentiality, integrity, and avai...

CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

PT-2026-33197

Name of the Vulnerable Software and Affected Versions Luanti versions 5.0 through 5.15.1 Description A sandbox escape exists when LuaJIT is used, allowing a crafted mod to execute arbitrary code outside the game engine. Recommendations Update to version 5.15.2...

Fedora 43 : libinput (2026-5aafda8cd8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5aafda8cd8 advisory. libinput 1.30.3, fixes Lua plugin sandbox escape CVE-2026-35093,CVE-2026-35094 Tenable has extracted the preceding description block directly from t...

EUVD-2025-206760

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

EUVD-2025-23258

Malicious code in bioql PyPI...

CVE-2025-41688

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVE-2025-41688

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVE-2025-41688

CVE-2025-41688 describes a high-privilege RCE via an undocumented method that escapes the LUA sandbox, enabling execution of arbitrary OS commands. Reported impact includes total system compromise with network access as the attack vector and no user interaction required. Affected products noted i...

CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

MB connect line mbNET 安全漏洞

MB Connect Line mbNET is an industrial router from MB Connect Line, Germany. A security vulnerability exists in MB connect line mbNET HW1 and mbNET/mbNET.rokey, which stems from an undocumented method of bypassing the LUA sandbox and could lead to the execution of arbitrary OS commands...

PT-2025-31501 · Helmholz +1 · Rex 200/250 +3

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. This issue ha...