PT-2026-40434

Name of the Vulnerable Software and Affected Versions Wing FTP Server version 8.1.2 Description An authenticated remote code execution issue exists in the session serialization mechanism. Authenticated administrators can inject arbitrary Lua code through the domain admin mydirectory field. This...

Exploiting-RCC

Exploiting open ports in RCC Service Having all RCC ports ope...

Windows Registry Security Audit Scanner

This C++ program is a Windows Registry Security Scanner designed for defensive auditing. It checks the presence and status of critical system registry keys such as LSA, Windows Defender, Winlogon, and system policy configurations. It also inspects user accessibility-related registry paths under...

Ubuntu 16.04 LTS : Lua vulnerability (USN-8262-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8262-1 advisory. It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use...

Unity Linux 20.1070e Security Update: redis6 (UTSA-2026-017741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017741 advisory. Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua...

Unity Linux 20.1060e / 20.1070e Security Update: redis (UTSA-2026-017593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017593 advisory. Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggers...

Unity Linux 20.1070e Security Update: redis6 (UTSA-2026-017799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017799 advisory. Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggers...

OverrideFuzz: Semantic-Aware Grammar Fuzzing for Script-Runtime Vulnerabilities

Script-language runtimes such as Python, Lua, and JavaScript are widely deployed in security sensitive contexts, yet they remain difficult to test because valid inputs must satisfy syntax, dynamic type constraints, and object-level semantics. Existing grammar and reflection-based fuzzers improve...

[SECURITY] Fedora 43 Update: prosody-13.0.5-1.fc43

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

[SECURITY] Fedora 44 Update: prosody-13.0.5-1.fc44

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

USN-8262-1: Lua vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

USN-8262-1 lua5.1 vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

EUVD-2026-28410

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

CVE-2026-42214

Notepad Next (NotepadNext) before version 0.14 is affected by CVE-2026-42214. The vulnerability lies in detectLanguageFromExtension(), which inserts a file extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which executes...

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

BIT-VALKEY-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

BIT-REDIS-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...