Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

149 matches found

Tenable Nessus
Tenable Nessusadded 2025/10/13 12:0 a.m.1 views

Fedora 41 : valkey (2025-00e79c49ca)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-00e79c49ca advisory. Valkey 8.0.6 - Released Fri 03 October 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possibl...

9.9CVSS8.1AI score0.11111EPSS
Exploits14References6
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2015-7973

Malware in sbrugna...

7.5CVSS6.9AI score0.06469EPSS
Exploits1References19
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2017-18324

Malware in sbrugna...

9CVSS8.8AI score0.06444EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.0 views

EUVD-2020-6304

Malware in sbrugna...

7.7CVSS6.5AI score0.00416EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-39846

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.00695EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-18872

Malicious code in bioql PyPI...

5.1CVSS6.5AI score0.00112EPSS
Exploits0References2
NVD
NVDadded 2025/09/22 6:15 p.m.1 views

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

8.8CVSS0.00341EPSS
Exploits1References2
OSV
OSVadded 2025/09/22 6:15 p.m.1 views

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

8.8CVSS6.3AI score0.00341EPSS
Exploits1References2
CNNVD
CNNVDadded 2025/09/22 12:0 a.m.2 views

Creacast Creabox Manager 安全漏洞

Creacast Creabox Manager is a device management system from Creacast France. A security vulnerability exists in Creacast Creabox Manager version 4.4.4, which originates in the edit.php endpoint that allows the injection of arbitrary Lua code, which could lead to remote code execution and full...

8.8CVSS8.2AI score0.00341EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-11722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dungeon Crawl Stone Soup aka DCSS or crawl before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file...

9.8CVSS8.5AI score0.03645EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2018-1999023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code executio...

8.8CVSS8.2AI score0.00425EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2025/07/17 7:2 a.m.286 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

=========================================================== CVE...

10CVSS9.9AI score0.92927EPSS
Exploits23
NCSC
NCSCadded 2025/07/14 6:6 a.m.8 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

10CVSS9.5AI score0.92927EPSS
Exploits23References2
CISA KEV Catalog
CISA KEV Catalogadded 2025/07/14 12:0 a.m.24 views

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...

10CVSS8.5AI score0.92927EPSS
In wildExploits23
RedhatCVE
RedhatCVEadded 2025/07/12 12:28 a.m.11 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS9.9AI score0.92927EPSS
Exploits23References1
Tenable Nessus
Tenable Nessusadded 2025/07/11 12:0 a.m.10 views

Wing FTP Server < 7.4.4 Multiple Vulnerabilities

The remote FTP server is running a version of Wing FTP Server earlier than 7.4.4. It is, therefore, affected by multiple vulnerabilities, as follows: - In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...

10CVSS8.2AI score0.92927EPSS
Exploits24References5
NVD
NVDadded 2025/07/10 8:15 p.m.6 views

CVE-2025-34095

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...

9.3CVSS0.66611EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/07/10 7:14 p.m.2 views

CVE-2025-34095 Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...

9.3CVSS7.9AI score0.66611EPSS
Exploits0References3
NVD
NVDadded 2025/07/10 5:15 p.m.8 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS0.92927EPSS
Exploits23References6
OSV
OSVadded 2025/07/10 5:15 p.m.1 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS6.6AI score0.92927EPSS
Exploits23References6
Rows per page
Query Builder