CVE-2025-58447 rAthena has heap-based buffer overflow in login server

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted CASSOLOGINREQ with an oversized...

PT-2025-36992

Name of the Vulnerable Software and Affected Versions: rAthena versions prior to commit 0d89ae0 Description: rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. A SQL Injection exists in the PartyBooking component via the WorldName parameter...

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.

...

Linux Distros Unpatched Vulnerability : CVE-2020-24978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NASM 2.15.04rc3, there is a double-free vulnerability in pptokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7...

Linux Distros Unpatched Vulnerability : CVE-2018-1999010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in...

CVE-2025-54872

onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were...

Linux Distros Unpatched Vulnerability : CVE-2021-47427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsitask use after free Commit d39df158518c scsi: iscsi: Have abort handle...

CVE-2025-54872

onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were...

CVE-2025-54430

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

CVE-2025-54430

CVE-2025-54430 affects the Deduplicate (dedupe) Python library. The issue resides in the GitHub Actions workflow .github/workflows/benchmark-bot.yml, where an issue_comment can trigger and cause untrusted code to run because the workflow checks out the PR branch via ${{ github.event.issue.number ...

CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

CVE-2025-53903

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...

CVE-2025-53546

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

Uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

UBUNTU-CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...

CVE-2025-53546

CVE-2025-53546 affects Folo. The vulnerability arises from using pull_request_target in the GitHub Actions workflow (.github/workflows/auto-fix-lint-format-commit.yml), allowing untrusted code in the base repository to access secrets. Exploitation can exfiltrate the GITHUB_TOKEN, which has high p...

CVE-2022-50165

CVE-2022-50165 affects the Linux kernel wifi/wil6210 debugfs, where a logic error in wil_write_file_wmi() stems from a commit that changed simple_write_to_buffer() to memdup_user() but did not adjust the return value, leaving rc uninitialized and returning rc. The fix is to return the length when...

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

CVE-2021-32816

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...

CVE-2018-1000660

TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function getpackagename in the file kernel/src/tbfheader.rs, variable "pub packagename: &'static str," in the file process.r...