40 matches found
Unity Linux 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-000182)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000182 advisory. The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using...
CVE-2025-56113
OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-56108
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-56098
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
PT-2025-50685
Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An OS Command Injection issue exists in Ruijie X60 PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set function within the...
PT-2025-50654
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX PRO versions B11P226 EW1800GX-PRO 10223117 Description An issue exists in Ruijie RG-EW1800GX PRO that may allow attackers to execute arbitrary commands. This can occur through a specially crafted POST request sent to the...
PT-2025-50683
Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...
PT-2025-50681
Name of the Vulnerable Software and Affected Versions Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F versions V1.xxV2.xx Description An OS Command Injection issue exists in Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F. Successful exploitation allows attackers to execute arbitrary commands. This is...
PT-2025-50665
Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1200G PRO versions 1.00 through 4.00 Description An issue exists in Ruijie RG-EW1200G PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw within the nbr cwmp.lua file located at...
CVE-2025-56099
OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
PT-2025-50650
Name of the Vulnerable Software and Affected Versions Ruijie RG-RAP2200E version 247 2200 Description An issue exists in Ruijie RG-RAP2200E 247 2200 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set in the /usr/local/lua/dev...
CVE-2025-56108
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-56108
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-56092
OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
PT-2025-50684
Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An OS Command Injection issue exists in Ruijie X60 PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set function within the...
CVE-2025-52939 Potential heap-buffer overflow vulnerability in NotepadNext
Out-of-bounds Write vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11...
PT-2025-7136 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...
Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the Lua module. The issue results from the lack of validating the existence of an object prior t...
CVE-2024-39840
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects...
httpd: mod_lua: Use of uninitialized value of in r:parsebody
A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...