CVE-2025-52939 Potential heap-buffer overflow vulnerability in NotepadNext

Out-of-bounds Write vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11...

CVE-2025-52938

CVE-2025-52938 affects NotepadNext up to v0.11. The vulnerability is an out-of-bounds read in the Lua parser module, specifically the function singlevar() in lparser.c, where a required luaK_exp2anyregup call is missing. This can cause a heap-based buffer over-read when untrusted Lua code is comp...

CVE-2025-52938 Potential heap-based buffer over-read vulnerability in NotepadNext

Out-of-bounds Read vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar in lparser.c lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read th...

CVE-2025-52938 Potential heap-based buffer over-read vulnerability in NotepadNext

Out-of-bounds Read vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar in lparser.c lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read th...

PT-2025-26588 · Unknown · Notepadnext

Name of the Vulnerable Software and Affected Versions: NotepadNext versions through v0.11 Description: The issue is an Out-of-bounds Read vulnerability in the NotepadNext Lua Parser Module, specifically affecting the singlevar function in lparser.c. This vulnerability can lead to a heap-based...

PT-2025-26589 · Unknown · Notepadnext

Name of the Vulnerable Software and Affected Versions: NotepadNext versions through v0.11 Description: The issue is an Out-of-bounds Write vulnerability in dail8859 NotepadNext, affecting the src/lua/src modules, specifically program files ldebug.C and lvm.C. Recommendations: For NotepadNext...

Astra Linux – Vulnerability in lua5.3

The vulnerability of the lmathlib.c component of the Lua script interpreter is related to a lack of data type conversion mechanisms. Exploiting this vulnerability allows an attacker to cause service failures...

[SECURITY] Fedora 41 Update: valkey-8.0.3-3.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

OS Command Exec, Unix Command Shell, Reverse TCP (via Lua)

Execute an OS command from PHP. Creates an interactive shell via Lua Module Options msf use payload/php/unix/cmd/reverselua msf payloadreverselua show actions ...actions... msf payloadreverselua set ACTION msf payloadreverselua show options ...show and set options... msf payloadreverselua run Thi...

[SECURITY] Fedora 42 Update: lua-http-0.3-17.fc42

lua-http is an efficient, capable HTTP and WebSocket library for Lua...

Fedora: Security Advisory (FEDORA-2025-82090f2bcc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-5196

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...

CVE-2025-5196

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...

CVE-2025-5196 Wing FTP Server Lua Admin Console unnecessary privileges

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...

CVE-2025-5196

CVE-2025-5196 affects Wing FTP Server up to 7.4.3, via the Lua Admin Console, granting execution with unnecessary privileges. Exploitation appears remote and authenticated (PoC exists). Upgrade to version 7.4.4 to address the issue; vendor notes recommend running the service as a Normal User for ...

CVE-2025-5196 Wing FTP Server Lua Admin Console unnecessary privileges

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...

PT-2025-22929 · Unknown · Wing Ftp Server

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions 7.4.0 through 7.4.3 Description: A critical vulnerability has been found in the Lua Admin Console component of Wing FTP Server, allowing execution with unnecessary privileges. The attack can be launched remotely and h...

Fedora: Security Advisory (FEDORA-2024-c83b7dcae0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Authentication Bypass by Spoofing in Apache Apisix

Apache APISIX 2.12.x Remote Code Execution RCE Exploit This...

Exploit for Execution with Unnecessary Privileges in Wftpserver Wing_Ftp_Server

Wing FTP Server 7.4.4 - Remote Code Execution Authenticated...