CVE-2026-24821

CVE-2026-24821 is an out-of-bounds read affecting WickedEngine (WickedEngine/LUA modules), linked to the lparser.C file. Affected binary range is WickedEngine up to version 0.71.727. Documentation consistently describes the issue across NVD, Red Hat, OSV, Circl, and CVE listings; no explicit expl...

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Out-of-bounds Read vulnerability in turanszkij WickedEngine WickedEngine/LUA modules. This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727...

CVE-2026-24818 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in praydog/UEVR

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

CVE-2026-24818 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in praydog/UEVR

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

PT-2026-3320

Name of the Vulnerable Software and Affected Versions Skipper versions prior to 0.23.0 Description Skipper is an HTTP router and reverse proxy for service composition. The default configuration before version 0.23.0, specifically -lua-sources=inline,file, allowed untrusted users to create Lua...

EUVD-2025-198295

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

CVE-2025-12120 CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

CVE-2025-52938 Potential heap-based buffer over-read vulnerability in NotepadNext

Out-of-bounds Read vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar in lparser.c lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read th...

CVE-2025-52938 Potential heap-based buffer over-read vulnerability in NotepadNext

Out-of-bounds Read vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar in lparser.c lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read th...

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...