VYPR

Lite XL

by Lite XL

CVEs (2)

  • CVE-2025-12121Nov 20, 2025
    risk 0.00cvss epss 0.00

    Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling…

  • CVE-2025-12120Nov 20, 2025
    risk 0.00cvss epss 0.00

    Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This…