Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lua lua vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33531
cdbattags lua-resty-jwt 0.2.3 allows malicious users to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.
9.8
CVSSv3
CVE-2020-11722
Dungeon Crawl Stone Soup (aka DCSS or crawl) prior to 0.25 allows remote malicious users to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
Dungeon Crawl Stone Soup Project Dungeon Crawl Stone Soup
9.8
CVSSv3
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
NA
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x prior to 2.3.2.110 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Symantec Liveupdate Administrator 2.2.1
Symantec Liveupdate Administrator 2.2.2.9
Symantec Liveupdate Administrator 2.3.1
Symantec Liveupdate Administrator
Symantec Liveupdate Administrator 2.1.0
Symantec Liveupdate Administrator 2.1.2
Symantec Liveupdate Administrator 2.1.3
Symantec Liveupdate Administrator 2.2.2
Symantec Liveupdate Administrator 2.3.0
9.8
CVSSv3
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
6.1
CVSSv3
CVE-2013-1951
A cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.5 and 1.20.x prior to 1.20.4 and allows remote malicious users to inject arbitrary web script or HTML via Lua function names.
Mediawiki Mediawiki
Debian Debian Linux 10.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Phicomm K2\\(psg1218\\) Firmware 22.5.9.163
5.3
CVSSv3
CVE-2019-20807
In Vim prior to 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Vim Vim
Debian Debian Linux 9.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Apple Mac Os X 10.13.6
Apple Mac Os X 10.14.6
Starwindsoftware Command Center 2
Starwindsoftware San \\& Nas 1.0
1 Article
8.6
CVSSv3
CVE-2017-11615
A sandbox escape in the Lua interface in Wube Factorio prior to 0.15.31 allows remote game servers or user-assisted malicious users to execute arbitrary C code by including and loading a C library.
Factorio Factorio
7.5
CVSSv3
CVE-2022-29266
In APache APISIX prior to 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
Apache Apisix
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »