23 matches found
CVE-2026-45728 Algernon: Single-file mode unconditionally enables debug mode
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...
Debian dsa-6279 : redis - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6279 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected]...
Important: valkey
Issue Overview: Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other user...
Valkey Affected by RESP Protocol Injection via Lua error_reply
...
BIT-VALKEY-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
CVE-2025-67733
Valkey is affected by a RESP protocol injection via Lua error_reply. Before versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user could inject information into the response stream through scripting commands, potentially corrupting or returning tampered data to other users on the same connect...
CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
Valkey 注入漏洞
Valkey is a flexible distributed key-value database developed by Valkey OpenSource. Versions prior to Valkey 9.0.2, 8.1.6, 8.0.7, and 7.2.12 have injection vulnerabilities. This vulnerability stems from Lua script error handling code that fails to properly handle empty characters, potentially...
CVE-2026-24809 Save stack space while handling errors in praydog/REFramework
An issue from the component luaGrunerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...
SUSE CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
SUSE CVE-2022-33099
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-10045 CVE-2022-33099 affecting package lua for versions less than 5.4.3-4
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-41192 CVE-2022-33099 affecting package ntopng for versions less than 5.2.1-4
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
Cross site scripting
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
UBUNTU-CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...