Lucene search
+L

23 matches found

Cvelist
Cvelist
added 2026/06/25 8:1 a.m.31 views

CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

5.5CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 8:1 a.m.14 views

CVE-2026-46751

CVE-2026-46751 affects Apache Kvrocks (2.2.0–2.15.0). The root cause is that Kvrocks does not remove the unsafe loadstring function from its Lua sandbox, enabling a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of...

5.5CVSS5.8AI score0.00324EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/01/10 3:39 p.m.191 views

POC-APISIX-RCE

Apache APISIX - Remote Code Execution Admin API script inject...

7.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-12952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

6.5CVSS6.3AI score0.04182EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.5 views

SUSE CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.1AI score0.04182EPSS
Exploits2References3
Node.js
Node.js
added 2020/11/09 2:24 p.m.56 views

Cross-Site Scripting in scratch-svg-renderer

Overview This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Recommendation Upgrade to version...

6.8CVSS3.2AI score0.06148EPSS
Exploits3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/09 2:21 p.m.51 views

Cross-Site Scripting in scratch-svg-renderer

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS3.8AI score0.06148EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2020/10/21 5:15 p.m.22 views

CVE-2020-7750

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2020/10/21 5:15 p.m.37 views

CVE-2020-7750

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS0.06148EPSS
Exploits3References2
Prion
Prion
added 2020/10/21 5:15 p.m.15 views

Code injection

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

6.8CVSS9.2AI score0.06148EPSS
Exploits3References2Affected Software1
Mageia
Mageia
added 2020/05/05 12:20 p.m.25 views

Updated crawl packages fix security vulnerability

Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring CVE-2020-11722. This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...

9.8CVSS3.5AI score0.03923EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/04/27 12:0 a.m.23 views

openSUSE Security Update : crawl (openSUSE-2020-549)

This update for crawl fixes the following issues : - CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring boo1169381 Update to version 0.24.0 - Vampire species simplified - Thrown weapons streamlined - Fedhas reimagined - Sif Muna reworked Update to version 0.23.2 - Trap syste...

9.8CVSS8.5AI score0.03923EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/04/25 12:0 a.m.17 views

openSUSE: Security Advisory for crawl (openSUSE-SU-2020:0549-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.03923EPSS
Exploits0References2
NVD
NVD
added 2017/08/28 7:29 p.m.17 views

CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.2AI score0.04182EPSS
Exploits2References2
OSV
OSV
added 2017/08/28 7:29 p.m.2 views

DEBIAN-CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.7AI score0.04182EPSS
Exploits2References1
OSV
OSV
added 2017/08/28 7:29 p.m.11 views

CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/08/28 7:29 p.m.24 views

CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.6AI score0.04182EPSS
Exploits2References2
Prion
Prion
added 2017/08/28 7:29 p.m.13 views

Null pointer dereference

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

4.3CVSS6.2AI score0.04182EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2017/08/28 7:29 p.m.3 views

UBUNTU-CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.6AI score0.04182EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2017/08/28 7:0 p.m.38 views

CVE-2017-12952

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...

6.5CVSS6.2AI score0.04182EPSS
Exploits2
Rows per page
Query Builder