Lucene search

3315 matches found

CNNVD
added 2026/02/23 12:0 a.m. | 6 views

Valkey Injection Vulnerability

Valkey is a flexible distributed key-value database developed by Valkey OpenSource. Versions prior to Valkey 9.0.2, 8.1.6, 8.0.7, and 7.2.12 have injection vulnerabilities. This vulnerability stems from Lua script error handling code that fails to properly handle empty characters, potentially...

CVSS 8.5 | AI score 5.9 | EPSS 0.00415
Exploits: 0 | References: 2
GithubExploit
added 2026/02/22 6:28 p.m. | 184 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauthenticated RCE...

CVSS 10 | AI score 8.8 | EPSS 0.95343
Exploits: 25
The Hacker News
added 2026/02/20 11:55 a.m. | 7 views

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised...

AI score 6.4
Exploits: 0
RedhatCVE
added 2026/02/18 7:30 p.m. | 3 views

CVE-2026-22208

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | AI score 6.6 | EPSS 0.00924
Exploits: 0 | References: 1
NVD
added 2026/02/17 3:16 p.m. | 7 views

CVE-2026-22208

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | EPSS 0.00924
Exploits: 0 | References: 3
OSV
added 2026/02/17 3:16 p.m. | 2 views

CVE-2026-22208

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | AI score 6.9
Exploits: 0 | References: 3
Cvelist
added 2026/02/17 2:29 p.m. | 28 views

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | EPSS 0.00924
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/17 2:29 p.m. | 4 views

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | AI score 6.6 | EPSS 0.00924
Exploits: 0 | References: 3
CVE
added 2026/02/17 2:29 p.m. | 16 views

CVE-2026-22208

OpenS100 (reference S-100 viewer) before commit 753cf29 is vulnerable to remote code execution via an unrestricted Lua interpreter. The Portrayal Engine calls luaL_openlibs() without sandboxing, exposing standard libraries such as os and io to untrusted portrayal catalogues. An attacker can suppl...

CVSS 9.6 | AI score 6.6 | EPSS 0.00924
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/17 2:29 p.m. | 3 views

CVE-2026-22208

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVSS 9.6 | AI score 6.6 | EPSS 0.00924
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/17 12:0 a.m. | 6 views

PT-2026-20300

Name of the Vulnerable Software and Affected Versions: OpenS100 versions prior to commit 753cf29. Description: The software contains a remote code execution issue due to an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability...

CVSS 9.6 | AI score 6.7 | EPSS 0.00924
Exploits: 0 | References: 12
CNNVD
added 2026/02/17 12:0 a.m. | 4 views

OpenS100 Security Vulnerability

OpenS100 is an IHO S-101 ENC viewer developed by S-100Viewer personal developers. OpenS100 has a security vulnerability, which stems from an unrestricted Lua interpreter. This vulnerability could allow attackers to execute arbitrary code through malicious S-100 description directories...

CVSS 9.6 | AI score 6.2 | EPSS 0.00924
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/13 1:31 a.m. | 6 views

CVE-2025-67482

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVSS 6.3 | AI score 5.4 | EPSS 0.00291
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/12 12:0 a.m. | 5 views

openSUSE 16 Security Update : orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc (openSUSE-SU-2026:20193-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20193-1 advisory. Changes in orthanc: - dcmtk 370 breaks TW build - switch to lua 5.4 - patch out boost component system from framework - version 1.12.10 ' long...

CVSS 9.8 | AI score 5.7 | EPSS 0.01474
Exploits: 3 | References: 6
Tenable Nessus
added 2026/02/11 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005347 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to caus...

CVSS 8.8 | AI score 6.2 | EPSS 0.03746
Exploits: 1 | References: 4
Tenable Nessus
added 2026/02/11 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005343 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...

CVSS 7.3 | AI score 5.4 | EPSS 0.00711
Exploits: 0 | References: 4
Tenable Nessus
added 2026/02/11 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005345 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read...

CVSS 7.1 | AI score 7.4 | EPSS 0.01038
Exploits: 0 | References: 4
SUSE CVE
added 2026/02/07 12:24 a.m. | 5 views

SUSE CVE-2026-23742

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

CVSS 8.8 | AI score 5.4 | EPSS 0.00473
Exploits: 1 | References: 3
CBLMariner
added 2026/02/05 10:21 p.m. | 3 views

CVE-2026-24827 affecting package lua for versions less than 5.4.4-2

CVE-2026-24827 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...

CVSS 7.5 | AI score 5.3 | EPSS 0.00263
Exploits: 0
OSV
added 2026/02/03 8:37 p.m. | 2 views

GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

CVSS 8.8 | AI score 6.2 | EPSS 0.00473
Exploits: 1 | References: 4