CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/08 12:0 a.m.•0 views

OPENSUSE-SU-2026:10507-1 python311-lupa-2.7-1.1 on GA media

These are all security issues fixed in the python311-lupa-2.7-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE•added 2026/04/07 11:25 p.m.•2 views

SUSE CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

vulnersOsv•added 2026/04/07 3:48 p.m.•0 views

Exploits1References3

asimov-agents (>=0.0.3 <=0.1.2), dcspy (>=3.6.2 <=3.8.1) +1 more potentially affected by CVE-2026-34444 via lupa (>=2.2.0 <=2.6.0)

lupa PYPI version =2.2.0, =0.0.3, =3.6.2, =3.8.1 - draw-palette =0.3.0 Source cves: CVE-2026-34444 Source advisory: SNYK:PYTHON-LUPA-15954200...

vulnersOsv•added 2026/04/07 3:48 p.m.•1 views

asimov-agents (>=0.0.3 <=0.1.2), corva-sdk (>=1.4.0 <=1.12.1) +6 more potentially affected by CVE-2026-34444 via lupa (>=1.14.1 <=2.5.0)

lupa PYPI version =1.14.1, =0.0.3, =1.4.0, =3.6.2, =0.1.1, =1.6.0, =0.0.4, =0.0.1, =0.0.4 Source cves: CVE-2026-34444 Source advisory: OSV:GHSA-69V7-XPR6-6GJM...

EUVD•added 2026/04/07 3:48 p.m.•1 views

EUVD-2026-19346

Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...

7.9CVSS5.9AI score0.00049EPSS

OSV•added 2026/04/07 3:48 p.m.•3 views

GHSA-69V7-XPR6-6GJM Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00049EPSS

Exploits1References3

Snyk•added 2026/04/07 3:48 p.m.•3 views

Arbitrary Code Injection

Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...

10CVSS6.1AI score0.00049EPSS

Github Security Blog•added 2026/04/07 3:48 p.m.•4 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

10CVSS6.5AI score0.00049EPSS

Exploits1References3Affected Software1

Tenable Nessus•added 2026/04/07 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed throug...

RedhatCVE•added 2026/04/06 7:52 p.m.•4 views

Exploits1References3

CVE-2026-34444

A flaw was found in Lupa, a tool that integrates Lua or LuaJIT2 runtimes into CPython. An attacker can exploit this vulnerability by bypassing attribute filtering mechanisms when accessing attributes through built-in functions like getattr and setattr. This inconsistency in applying security...

NVD•added 2026/04/06 4:16 p.m.•1 views

Exploits1References4

CVE-2026-34444

10CVSS0.00049EPSS

OSV•added 2026/04/06 4:16 p.m.•2 views

DEBIAN-CVE-2026-34444

UbuntuCve•added 2026/04/06 4:16 p.m.•0 views

CVE-2026-34444

CVE•added 2026/04/06 3:30 p.m.•10 views

CVE-2026-34444

CVE-2026-34444 affects Lupa (Lua/LuaJIT2 runtimes integrated into CPython). The attribute_filter is not consistently applied when attributes are accessed via built-in functions like getattr/setattr, allowing bypass of restrictions and potentially arbitrary code execution. Documented in multiple s...

10CVSS6.2AI score0.00049EPSS

Exploits1References1Affected Software1

Debian CVE•added 2026/04/06 3:30 p.m.•2 views

CVE-2026-34444

Vulnrichment•added 2026/04/06 3:30 p.m.•3 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

7.9CVSS6.2AI score0.00049EPSS

Cvelist•added 2026/04/06 3:30 p.m.•24 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

7.9CVSS0.00049EPSS

AlpineLinux•added 2026/04/06 3:30 p.m.•0 views

CVE-2026-34444

10CVSS6.1AI score0.00049EPSS

CNNVD•added 2026/04/06 12:0 a.m.•2 views

Lupa 安全漏洞

Lupa is a bridging library developed by Scoder’s individual developers, which embeds the Lua runtime into Python. Versions of Lupa 2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the property filter was not consistently applied in built-in...

10CVSS5.9AI score0.00049EPSS