CVE-2025-26204

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2025-26205

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2025-26204

...

CVE-2025-26205

CVE-2025-26205 entry is rejected/not used; this ID does not represent an active vulnerability.

CVE-2025-26204

CVE-2025-26204 is rejected/not used per the Initial Description.

PT-2025-11679 · Openresty +1 · Lua-Nginx-Module +2

Name of the Vulnerable Software and Affected Versions: OpenResty/lua-nginx-module affected versions not specified Description: The issue concerns HTTP Request Smuggling in HEAD requests. When handling HTTP/1.1 requests, the lua-nginx-module incorrectly parses HEAD requests with a body, treating t...

RHEL 8 : redis:6 (RHSA-2025:0595)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0595 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...

Ubuntu: Security Advisory (USN-7321-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7321-1 redis vulnerabilities

It was discovered that Redis incorrectly handled certain memory operations during pattern matching. An attacker could possibly use this issue to cause a denial of service. CVE-2024-31228 It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could...

Linux Distros Unpatched Vulnerability : CVE-2022-33099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. CVE-2022-33099 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2021-44647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. CVE-2021-44647...

Linux Distros Unpatched Vulnerability : CVE-2021-32672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger'...

Linux Distros Unpatched Vulnerability : CVE-2022-28805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that...

Linux Distros Unpatched Vulnerability : CVE-2021-44964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

Linux Distros Unpatched Vulnerability : CVE-2022-35978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua...

Linux Distros Unpatched Vulnerability : CVE-2022-24735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior t...

Malicious code in bindbc-lua (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c99a42c2ca94208dcdd6dd74e22b5b79b9b211d2afd1854339f31be90d6cd75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2032 Malicious code in bindbc-lua (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c99a42c2ca94208dcdd6dd74e22b5b79b9b211d2afd1854339f31be90d6cd75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the apcli_wps_gen_pincode() function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the apcliwpsgenpincode function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software is related to the lack of measures taken to secure input data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...

CVE-2025-25605

Totolink X5000R V9.1.0u.6369B20230113 is vulnerable to command injection via the apcliwpsgenpincode function in mtkwifi.lua...