15 matches found
SUSE CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40959
A flaw was found in Luanti, specifically when using LuaJIT. A local attacker can exploit this vulnerability by providing a crafted mod. This can lead to a Lua sandbox escape, allowing the attacker to bypass security restrictions and potentially gain confidentiality, integrity, and availability...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
DEBIAN-CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40959
CVE-2026-40959 affects Luanti 5.x prior to 5.15.2. When using LuaJIT, a crafted mod can cause a Lua sandbox escape. The issue is described in multiple sources as Luanti 5 before 5.15.2, with the sandbox escape vulnerability carrying a high impact in CVSS (high confidentiality, integrity, and avai...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
PT-2026-33198
Name of the Vulnerable Software and Affected Versions Luanti 5 versions prior to 5.15.2 Description An issue exists where unintended access to an insecure environment may occur. If at least one mod is listed as secure.trusted mods or secure.http mods, a crafted mod can intercept and gain access t...
PT-2026-33197
Name of the Vulnerable Software and Affected Versions Luanti versions 5.0 through 5.15.1 Description A sandbox escape exists when LuaJIT is used, allowing a crafted mod to execute arbitrary code outside the game engine. Recommendations Update to version 5.15.2...
Design/Logic Flaw
Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...