3322 matches found

Cvelist
added 2025/08/06 9:52 a.m. · 9 views

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

CVSS 9.8 · EPSS 0.0068 · Exploits 0 · References 2

Japan Vulnerability Notes
added 2025/08/06 7:38 a.m. · 9 views

Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series

Overview: Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-22469; Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-22470. MASAHIRO IIDA of LAC Co., Ltd...

CVSS 9.8 · AI score 7.9 · EPSS 0.0109 · Exploits 0 · References 6

CNNVD
added 2025/08/06 12:0 a.m. · 2 views

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus code issue vulnerability

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus are both series of smart industrial label printers from SATO Japan. A code issue vulnerability exists in the SATO CL4/6NX Plus and SATO CL4/6NX-J Plus versions prior to 1.15.5-r1, which stems from the fact that uploading a specially crafted hazardous file...

CVSS 9.8 · AI score 9.4 · EPSS 0.0068 · Exploits 0 · References 2

Positive Technologies
added 2025/08/04 12:0 a.m. · 7 views

PT-2025-32149 · Unknown · Cl4/6Nx-J Plus +1

Name of the Vulnerable Software and Affected Versions: CL4/6NX Plus versions prior to 1.15.5-r1; CL4/6NX-J Plus Japan model versions prior to 1.15.5-r1. Description: The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to uplo...

CVSS 9.8 · AI score 9.6 · EPSS 0.0068 · Exploits 0 · References 10

OSV
added 2025/08/03 12:0 a.m. · 3 views

OPENSUSE-SU-2025:15401-1 liblua5_5-5-5.5.0~beta1-1.1 on GA media

These are all security issues fixed in the liblua55-5-5.5.0beta1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8 · AI score 5.8 · EPSS 0.03865 · Exploits 9 · References 9

RedhatCVE
added 2025/08/02 8:22 p.m. · 5 views

CVE-2025-41688

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVSS 7.2 · AI score 7.1 · EPSS 0.00614 · Exploits 0 · References 1

NVD
added 2025/07/31 10:15 a.m. · 3 views

CVE-2025-41688

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVSS 7.2 · EPSS 0.00614 · Exploits 0 · References 2

CVE
added 2025/07/31 10:2 a.m. · 20 views

CVE-2025-41688

CVE-2025-41688 describes a high-privilege RCE via an undocumented method that escapes the LUA sandbox, enabling execution of arbitrary OS commands. Reported impact includes total system compromise with network access as the attack vector and no user interaction required. Affected products noted i...

CVSS 7.2 · AI score 7.3 · EPSS 0.00614 · Exploits 0 · References 2

Cvelist
added 2025/07/31 10:2 a.m. · 8 views

CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVSS 7.2 · EPSS 0.00614 · Exploits 0 · References 2

Vulnrichment
added 2025/07/31 10:2 a.m. · 4 views

CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape

A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox...

CVSS 7.2 · AI score 7.5 · EPSS 0.00614 · Exploits 0 · References 2

CNNVD
added 2025/07/31 12:0 a.m. · 2 views

MB connect line mbNET security vulnerability

MB Connect Line mbNET is an industrial router from MB Connect Line, Germany. A security vulnerability exists in MB connect line mbNET HW1 and mbNET/mbNET.rokey, which stems from an undocumented method of bypassing the LUA sandbox and could lead to the execution of arbitrary OS commands...

CVSS 7.2 · AI score 7 · EPSS 0.00614 · Exploits 0 · References 2

Positive Technologies
added 2025/07/31 12:0 a.m. · 6 views

PT-2025-31501 · Helmholz +1 · Rex 200/250 +3

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. This issue ha...

CVSS 7.2 · AI score 6.9 · EPSS 0.00614 · Exploits 0 · References 12

Fedora
added 2025/07/25 2:1 a.m. · 5 views

[SECURITY] Fedora 41 Update: valkey-8.0.4-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVSS 9.8 · AI score 7.4 · EPSS 0.03877 · Exploits 4

Fedora
added 2025/07/25 1:4 a.m. · 4 views

[SECURITY] Fedora 42 Update: valkey-8.0.4-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVSS 9.8 · AI score 7.4 · EPSS 0.03877 · Exploits 4

Microsoft CVE
added 2025/07/19 7:0 a.m. · 5 views

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

...

CVSS 9.4 · AI score 7 · EPSS 0.00536 · Exploits 1

Fedora
added 2025/07/18 1:10 a.m. · 6 views

[SECURITY] Fedora 41 Update: luajit-2.1.1748459687-2.fc41

LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...

CVSS 9.8 · AI score 7.2 · EPSS 0.00536 · Exploits 2

GithubExploit
added 2025/07/17 7:2 a.m. · 295 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

=========================================================== CVE...

CVSS 10 · AI score 9.9 · EPSS 0.95343 · Exploits 23

BDU FSTEC
added 2025/07/17 12:0 a.m. · 58 views

The vulnerability of Lua script interpreters arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing attackers to trigger a service failure.

The vulnerability of Lua scripts relates to the execution of an operation outside the buffer boundaries in the memory of ldebug.c. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.00533 · Exploits 1 · References 6 · Affected Software 4

NCSC
added 2025/07/14 6:6 a.m. · 9 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

CVSS 10 · AI score 9.5 · EPSS 0.95343 · Exploits 23 · References 2

CISA KEV Catalog
added 2025/07/14 12:0 a.m. · 26 views

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...

CVSS 10 · AI score 8.5 · EPSS 0.95343 · In wild · Exploits 23