24 matches found
LuaJIT 2.1.1774638290 - Arbitrary Code Execution
-- Exploit Title: LuaJIT 2.1.1774638290 - Arbitrary Code Execution -- Date: 2026-03-29 -- Exploit Author: TaurusOmar -- Vendor Homepage: https://luajit.org/ -- Software Link: https://luajit.org/download.html -- Version: LuaJIT 2.1.1774638290 latest -- Tested on: Linux x86-64 Arch Linux --...
📄 LuaJIT 2.1.1774638290 FFI Remote Code Execution / Lua Injection
This script is a LuaJIT exploitation tool that attempts to abuse the LuaJIT FFI Foreign Function Interface to execute system commands or arbitrary shellcode on a remote Lua runtime exposed over a TCP socket. It connects to a target service, injects Lua code dynamically, and leverages unsafe FFI...
📄 LuaJIT 2.1.1774638290 Arbitrary Code Execution
LuaJIT's Foreign Function Interface FFI provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios OpenResty, Redis, game engines, IoT, an attacker can achieve...
CVE-2026-30960
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...
CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...
CVE-2026-30960 RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT Just-In-Time compilation engine, which is fully exposed via the CFFI Foreign Functi...
GHSA-9C4H-PWMF-M6FJ RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...
RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...
RustSec Advisory
Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...
PT-2026-24192
Name of the Vulnerable Software and Affected Versions rssn versions prior to 0.2.9 Description The rssn scientific computing library for Rust has an issue in its JIT Just-In-Time compilation engine, which is exposed through the CFFI Foreign Function Interface. Insufficient input validation and...
PT-2026-23458
Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...
[SECURITY] Fedora 42 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc42
Rust FFI bindings to jemalloc...
EUVD-2022-0748
Malicious code in bioql PyPI...
SUSE CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
SUSE CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...
Design/Logic Flaw
An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface FFI boundary...
Rust libpulse-binding crate 安全漏洞
Rust libpulse-binding crate is the repository that contains sys FFI and binding libraries crates for connecting to PulseAudio PA from the Rust programming language. A security vulnerability exists in Rust libpulse-binding crate versions prior to 2.6.0, which stems from a boundary error in the...
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...
lua-resty-waf
This repository is an exploit module/toolkit targeting OpenResty, a high-performance web server built on the Nginx core. The primary vulnerability class/vector is not explicitly stated, but based on the code and metadata, it appears to be a remote code execution RCE vulnerability. The probable...