
59 matches found

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-33243

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 8.5 · EPSS 0.00171
Exploits: 1 · References: 8

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2021-32691

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.0033
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2021-31468

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.8 · EPSS 0.00134
Exploits: 1 · References: 6

OSV
added 2025/10/03 7:15 p.m. · 2 views

ALPINE-CVE-2025-46819

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVSS 7.1 · AI score 8.6 · EPSS 0.07828
Exploits: 0 · References: 1

Tenable Nessus
added 2025/07/11 12:00 a.m. · 2 views

CBL Mariner 2.0 Security Update: lua / memcached / ntopng (CVE-2021-44964)

The version of lua / memcached / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44964 advisory. - Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3...

CVSS 6.3 · AI score 6.8 · EPSS 0.00152
Exploits: 1 · References: 2

CVE
added 2025/07/10 7:14 p.m. · 23 views

CVE-2025-34095

An OS command injection exists in Real Time Logic Mako Server v2.5 and v2.6 via the examples/save.lsp tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is persisted on disk and later executed when a GET is issued to ex...

CVSS 9.3 · AI score 7.4 · EPSS 0.66611
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/11 12:00 a.m. · 1 view

PT-2025-23411 · Git +1 · Suricata

Name of the Vulnerable Software and Affected Versions: Lua (affected versions not specified). Description: The software contains a use-of-uninitialized-value issue. The crash state involves the luaS_new, auxsetstr, and luaL_requiref functions. Recommendations: At the moment, there is no information...

AI score 7
Exploits: 0 · References: 2

NVD
added 2025/03/09 9:15 p.m. · 4 views

CVE-2025-26204

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits: 0

Rosalinux
added 2025/01/28 1:41 p.m. · 23 views

Advisory ROSA-SA-2025-2620

software: lua 5.3.6 WASP: ROSA-CHROME packageevrstring: lua-5.3.6-1 CVE-ID: CVE-2020-15945 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Lua: Vulnerability segmentation fault due to incorrect update of oldpc value during function control return. CVE-STATUS: Vulnerability resolved CVE-REV: To close the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00158
Exploits: 1

OSV
added 2024/07/29 4:27 a.m. · 0 views

USN-6916-1 lua5.4 vulnerabilities

It was discovered that Lua did not properly generate code when "_ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...

CVSS 9.1 · AI score 7.5 · EPSS 0.003
Exploits: 2 · References: 3

Amazon
added 2024/02/19 12:00 a.m. · 4 views

Medium: lua

Issue Overview: In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. CVE-2021-45985 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. CVE-2022-33099 Affected Packages: lua...

CVSS 7.5 · AI score 7.3 · EPSS 0.0033
Exploits: 2

OSV
added 2023/04/10 9:15 a.m. · 2 views

DEBIAN-CVE-2021-45985

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...

CVSS 7.5 · AI score 7.5 · EPSS 0.0033
Exploits: 1 · References: 1

SUSE CVE
added 2023/02/15 3:36 a.m. · 1 view

SUSE CVE-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...

CVSS 5.5 · AI score 8.9 · EPSS 0.00134
Exploits: 1 · References: 3

CNNVD
added 2023/01/08 12:00 a.m. · 3 views

PAC3 cross-site scripting vulnerability

PAC3 is an advanced avatar customization for garrysmod by individual developer Elias Hogstvedt. CapsAdmin PAC3 suffers from a cross-site scripting vulnerability that stems from some unknown functionality in the file lua/pac3/core/shared/http.lua, where manipulation of the parameter url can lead to...

CVSS 5.4 · AI score 4.2 · EPSS 0.00261
Exploits: 0 · References: 5

BDU FSTEC
added 2022/07/06 12:00 a.m. · 1 view

The vulnerability of the mod_lua module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the mod_lua module in the Apache HTTP Server is related to the unlimited allocation of resources when processing the function r:parsebody(0) with a zero parameter. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted HTT...

CVSS 5.9 · AI score 6.8 · EPSS 0.32376
Exploits: 1 · References: 20 · Affected Software: 10

CNNVD
added 2022/07/01 12:00 a.m. · 2 views

Lua buffer error vulnerability

Lua is a lightweight, extensible open source scripting language from the Lua team. A security vulnerability exists in Lua v5.4.4 and earlier versions, which stems from an issue in luaG_runerror that causes a heap buffer overflow in the event of a recursive error...

CVSS 7.5 · AI score 7.2 · EPSS 0.003
Exploits: 1 · References: 11

Microsoft CVE
added 2022/04/14 7:00 a.m. · 1 view

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

...

CVSS 5.5 · AI score 6.5 · EPSS 0.00134
Exploits: 1

OSV
added 2022/04/08 6:15 a.m. · 3 views

AZL-9333 CVE-2022-28805 affecting package lua for versions less than 5.4.3-2

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 7.5 · EPSS 0.00171
Exploits: 1 · References: 1

ATTACKERKB
added 2022/04/08 6:15 a.m. · 2 views

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 7.2 · EPSS 0.00171
Exploits: 1 · References: 10

AlpineLinux
added 2022/04/08 12:00 a.m. · 36 views

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

CVSS 9.1 · AI score 9.2 · EPSS 0.00171
Exploits: 1