33 matches found
MGASA-2026-0185 Updated minetest packages fix security vulnerabilities
Mod security sandbox escape. CVE-2026-40959 HTTP API and insecure environment access control bypass. CVE-2026-40960...
Ubuntu 25.10 / 26.04 LTS : Luanti vulnerabilities (USN-8366-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8366-1 advisory. It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to...
USN-8366-1 luanti vulnerabilities
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...
USN-8366-1: Luanti vulnerabilities
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...
SUSE CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
A flaw was found in Luanti. When at least one module mod is configured as trusted or secure, a specially crafted module can intercept requests to an insecure environment or the HTTP API. This allows the crafted module to gain unintended access to sensitive information and functionality within tha...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
DEBIAN-CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
UBUNTU-CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
CVE-2026-40960 : Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. When at least one mod is listed as secure.trusted_mods or secure.http_mods , a crafted mod can intercept the request for the insecure environment or HTTP API and also gain access to it. This vul...
EUVD-2026-23151
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
PT-2026-33198
Name of the Vulnerable Software and Affected Versions Luanti 5 versions prior to 5.15.2 Description An issue exists where unintended access to an insecure environment may occur. If at least one mod is listed as secure.trusted mods or secure.http mods, a crafted mod can intercept and gain access t...
OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
Summary OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape this.constructor.constructor, an...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
CVE-2024-48990 PYTHONPATH Hijack - Privilege Escalation Exploi...
EUVD-2006-2547
Malware in sbrugna...