CVE-2026-24827 affecting package lua for versions less than 5.4.4-2

CVE-2026-24827 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...

GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

CVE-2026-1802

Summary (CVE-2026-1802) : Ziroom ZHOME A0101 (version 1.0.1.0) is affected by a command injection in the macAddrClone function from luci/controller/api/zrMacClone.lua, caused by unsafe handling of the macType argument. This enables remote exploitation as described in multiple sources. The exploit...

CVE-2025-67482

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVE-2025-67482 Lua segfault in unpack()

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVE-2025-67482

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

EUVD-2025-206760

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVE-2025-67482

CVE-2025-67482 is a vulnerability in the Wikimedia Scribunto extension and its luasandbox, described as a Segfault in unpack() when handling large integers on certain Lua builds. Affected versions include Scribunto prior to 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox prior to fea2304f8f6ab3031436...

CVE-2025-67482 Lua segfault in unpack()

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

PT-2026-6504

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

Ziroom ZHOME A0101 命令注入漏洞

Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a command injection vulnerability. This vulnerability stems from the improper handling of the parameter “macType” in the “macAddrClone” function within the file...

Wikimedia Scribunto 安全漏洞

Wikimedia Scribunto is a scripting development tool provided by the Wikimedia Foundation. There are security vulnerabilities in Wikimedia Scribunto and luasandbox, which stem from defects in the files includes/Engines/LuaCommon/lualib/mwInit.Lua and library.C. The following products and versions...

EUVD-2020-30945

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

EulerOS Virtualization 2.10.0 : syslinux (EulerOS-SA-2026-1199)

According to the versions of the syslinux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by...

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVE-2020-37032

Wing FTP Server 6.3.8 is affected by a remote code execution flaw in the Lua-based web console. The issue allows authenticated users to send crafted POST requests that trigger operating system commands via os.execute(), enabling arbitrary code execution on the server. Affected component: Lua-base...

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...