3322 matches found
CVE-2025-57439
CVE-2025-57439 affects Creacast Creabox Manager 4.4.4. The vulnerability is a remote code execution via the edit.php endpoint, where an authenticated attacker can inject arbitrary Lua code into the configuration, resulting in server-side code execution and full system compromise (e.g., reverse sh...
CVE-2025-57430
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...
PT-2025-38740
Name of the Vulnerable Software and Affected Versions: Creacast Creabox Manager version 4.4.4. Description: The software exposes sensitive configuration data through a publicly accessible endpoint. Accessing the /get endpoint returns internal configuration details, including the creacodec.lua file,...
PT-2025-38760
Name of the Vulnerable Software and Affected Versions: Creacast Creabox Manager version 4.4.4. Description: A critical Remote Code Execution issue exists in Creacast Creabox Manager version 4.4.4. An authenticated attacker can inject arbitrary Lua code into the configuration through the edit.php...
CVE-2025-59336 Relative Path Traversal in Luanox
Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec verification system. This...
[SECURITY] Fedora 43 Update: civetweb-1.16-9.fc43
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
[SECURITY] Fedora 41 Update: civetweb-1.16-9.fc41
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
[SECURITY] Fedora 42 Update: civetweb-1.16-9.fc42
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
Malicious Package
Overview: @js-to-lua/lua-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47008 Malicious code in @js-to-lua/lua-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ddfe717b22bb57e4e1887887c45646abfa625e1d566049a635b86193170cdf9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: @js-to-lua/fast-follow-commands is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview: @js-to-lua/lua-conversion-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview: @js-to-lua/convert is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @js-to-lua/convert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 365d73a741a9c8513dad4db978ffd0658d1d583f07281a9a370a78062f36d6b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47006 Malicious code in @js-to-lua/handler-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecbb26f98b0d1520a3801861e0c434568d5ac1958606124e217a6e10eda3c436 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @js-to-lua/lua-conversion-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91ebd24fd672684df83e5fcae05558a53e1c39f90617cac87401a555dda40811 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47007 Malicious code in @js-to-lua/lua-conversion-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91ebd24fd672684df83e5fcae05558a53e1c39f90617cac87401a555dda40811 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47004 Malicious code in @js-to-lua/convert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 365d73a741a9c8513dad4db978ffd0658d1d583f07281a9a370a78062f36d6b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This repository contains Nmap NSE Network Sniffer Engine scripts designed to check for log4shell or LogJam vulnerabilities CVE-2021-44228 in various services. The scripts are written in Lua and are intended to be used with the Nmap network scanning tool. The scripts are categorized into different...
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
...