
3322 matches found

CVE
added 2025/04/17 12:00 a.m. · 75 views

CVE-2025-26269

Summary: CVE-2025-26269 affects DragonflyDB Dragonfly up to version 1.28.2. Affected component: Lua library usage that can reference a large negative integer, enabling an authenticated user to trigger a denial of service (daemon crash). The issue is fixed in DragonflyDB 1.29.0. Impact (as stated)...

5.5 CVSS · 3.9 AI score · 0.00239 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/04/16 12:00 a.m. · 9 views

The vulnerability of the lua-nginx-module in NGINX web servers, related to inconsistent interpretation of HTTP requests, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the lua-nginx-module in NGINX web servers is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests, a type of HTTP Request Smuggling attack...

7.5 CVSS · 7.2 AI score · 0.00668 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/04/11 12:00 a.m. · 2 views

PT-2025-23411 · Git +1 · Suricata

Name of the Vulnerable Software and Affected Versions: Lua (affected versions not specified). Description: The software contains a use-of-uninitialized-value issue. The crash state involves the luaS_new, auxsetstr, and luaL_requiref functions. Recommendations: At the moment, there is no information...

7 AI score
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/09 12:00 a.m. · 5 views

The vulnerability of the apcli Cancel_wps() function (/usr/lib/lua/luci/controller/mtkwifi.lua) in the TOTOLINK A6000R router software allows an attacker to execute arbitrary commands or cause service interruptions.

The vulnerability of the apcliCancelwps function (/usr/lib/lua/luci/controller/mtkwifi.lua) of the TOTOLINK A6000R router’s software is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to...

6.5 CVSS · 7 AI score · 0.02552 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2025/04/04 2:15 p.m. · 4 views

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...

9.8 CVSS · 5.5 AI score · 0.02552 EPSS
Exploits: 1 · References: 5
CVE
added 2025/04/04 2:00 p.m. · 69 views

CVE-2025-3249

CVE-2025-3249 affects TOTOLINK A6000R 1.0.1-B20201211.2000. The issue is in the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua, enabling remote command injection. Several sources confirm this vulnerability with public disclosure and potential exploitation.

9.8 CVSS · 6.9 AI score · 0.02552 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/04/02 12:00 a.m. · 5 views

PT-2025-27561 · Git +1 · Tarantool

Name of the Vulnerable Software and Affected Versions: Lua (affected versions not specified). Description: The Lua interpreter suffers from a heap-use-after-free issue. The crash state indicates the issue occurs within the lj_strfmt_pushvf, lua_pushfstring, and luaL_loadfilex functions...

6.9 AI score
Exploits: 0 · References: 2
F5 Networks
added 2025/03/24 12:22 a.m. · 18 views

K000150506: Lua vulnerabilities CVE-2014-5461, CVE-2021-43519

Security Advisory Description: CVE-2014-5461: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments...

5.5 CVSS · 5.6 AI score · 0.11572 EPSS
Exploits: 2
OSV
added 2025/03/21 5:15 p.m. · 2 views

CVE-2025-29226

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter...

6.3 CVSS · 5.8 AI score · 0.00714 EPSS
Exploits: 0 · References: 1
NVD
added 2025/03/21 5:15 p.m. · 15 views

CVE-2025-29227

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter...

6.3 CVSS · 0.00722 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/03/21 12:00 a.m. · 32 views

CVE-2025-29227

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter...

0.00722 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2025/03/19 12:00 a.m. · 33 views

RockyLinux 9 : redis (RLSA-2025:0693)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:0693 advisory. redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834); redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)...

9.8 CVSS · 8.4 AI score · 0.4292 EPSS
Exploits: 4 · References: 11
Rockylinux
added 2025/03/17 8:16 p.m. · 6 views

redis security update

An update is available for redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Redis is an advanced key-value store. It is often referred to as a data-structu...

9.8 CVSS · 7.9 AI score · 0.4292 EPSS
Exploits: 4
OSV
added 2025/03/17 8:16 p.m. · 11 views

RLSA-2025:0692 Important: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

9.8 CVSS · 9.3 AI score · 0.07802 EPSS
Exploits: 2 · References: 3
OSV
added 2025/03/14 3:44 p.m. · 4 views

OESA-2025-1281 syslinux security update

The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX), network booting (PXELINUX), bootable "El Torito" CD-ROMs (ISOLINUX), and Linux ext2/ext3/ext4 or btrfs filesystems (EXTLINUX). The project also includes MEMDISK, a tool to boot legacy operating systems such as DOS...

5.3 CVSS · 7.1 AI score · 0.03865 EPSS
Exploits: 1 · References: 2
OSV
added 2025/03/14 3:44 p.m. · 3 views

OESA-2025-1280 syslinux security update

The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX), network booting (PXELINUX), bootable "El Torito" CD-ROMs (ISOLINUX), and Linux ext2/ext3/ext4 or btrfs filesystems (EXTLINUX). The project also includes MEMDISK, a tool to boot legacy operating systems such as DOS...

5.3 CVSS · 7.1 AI score · 0.03865 EPSS
Exploits: 1 · References: 2
OSV
added 2025/03/14 3:44 p.m. · 4 views

OESA-2025-1279 syslinux security update

The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX), network booting (PXELINUX), bootable "El Torito" CD-ROMs (ISOLINUX), and Linux ext2/ext3/ext4 or btrfs filesystems (EXTLINUX). The project also includes MEMDISK, a tool to boot legacy operating systems such as DOS...

5.3 CVSS · 7.1 AI score · 0.03865 EPSS
Exploits: 1 · References: 2
OSV
added 2025/03/14 3:44 p.m. · 2 views

OESA-2025-1278 syslinux security update

The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX), network booting (PXELINUX), bootable "El Torito" CD-ROMs (ISOLINUX), and Linux ext2/ext3/ext4 or btrfs filesystems (EXTLINUX). The project also includes MEMDISK, a tool to boot legacy operating systems such as DOS...

5.3 CVSS · 7.1 AI score · 0.03865 EPSS
Exploits: 1 · References: 2
NVD
added 2025/03/09 9:15 p.m. · 4 views

CVE-2025-26204

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits: 0
NVD
added 2025/03/09 9:15 p.m. · 5 views

CVE-2025-26205

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits: 0