VYPR
Vendor

Factorio

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2024-39840HigJun 29, 2024
    risk 0.57cvss 8.8epss 0.01

    Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.

  • CVE-2017-11615HigJul 26, 2017
    risk 0.56cvss 8.6epss 0.01

    A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.

  • CVE-2021-25985HigNov 16, 2021
    risk 0.51cvss 7.8epss 0.01

    In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This…

  • CVE-2021-25984MedNov 16, 2021
    risk 0.40cvss 6.1epss 0.01

    In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.