Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lua lua vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua enviro...
Minetest Minetest
8.8
CVSSv3
CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc...
Redis Redis
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
8.8
CVSSv3
CVE-2018-1999023
The Battle for Wesnoth Project version 1.7.0 up to and including 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, netwo...
Wesnoth The Battle For Wesnoth
7.5
CVSSv3
CVE-2022-20767
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DN...
Cisco Firepower Threat Defense 7.1.0
Cisco Firepower Threat Defense
9.8
CVSSv3
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an malicious user to execute arbitrary code via a lua script to the configuration file.
Jc21 Nginx Proxy Manager 2.9.19
8.8
CVSSv3
CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote malicious users to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a...
Micasaverde Veralite Firmware 1.5.408
2 EDB exploits
1 Github repository
7.2
CVSSv3
CVE-2022-28223
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
Tekon Kio Firmware
Tekon Kio-1m Firmware
Tekon Kio-2mrs Firmware
Tekon Kio-2m Firmware
Tekon Kio-2ms Firmware
Tekon Kio-2md Firmware
Tekon Kio-8\\(4\\) Firmware
Tekon Kio-8\\(4\\)l Firmware
9.8
CVSSv3
CVE-2023-52252
Unified Remote 3.13.0 allows remote malicious users to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
Unifiedremote Unified Remote 3.13.0
NA
CVE-2024-31714
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an malicious user to cause a denial of service via the Lua library component.
9.8
CVSSv3
CVE-2023-23551
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an malicious user to remotely execute arbitrary code.
Controlbyweb X-600m Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »