CVE-2025-62797

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

PT-2025-44329

Name of the Vulnerable Software and Affected Versions FluxCP affected versions not specified Description FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF issue exists in the website template used by multiple rAthena/Ragnarok server...

CVE-2025-62170

CVE-2025-62170 affects the rAthena map-server, specifically the RODEX functionality. A use-after-free in versions prior to commit af2f3ba enables an unauthenticated attacker to trigger a denial of service by crashing the map-server in a targeted scenario. The issue has been patched in commit af2f...

EUVD-2025-34076

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of...

CVE-2025-62170 rAthena map-server use-after-free vulnerability in RODEX

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of...

CVE-2025-62170 rAthena map-server use-after-free vulnerability in RODEX

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of...

rAthena 资源管理错误漏洞

rAthena is a cross-platform MMORPG server open-sourced by rAthena. A resource management error vulnerability exists in previous versions of rAthena af2f3ba, which stems from a post-release reuse issue in the RODEX functionality that could lead to a denial of service attack...

PT-2025-41797

Name of the Vulnerable Software and Affected Versions rAthena versions prior to commit af2f3ba Description rAthena is an open-source cross-platform MMORPG server. A use-after-free issue exists in the RODEX functionality of rAthena’s map-server. An unauthenticated attacker can exploit this issue v...

EUVD-2022-51766

Malicious code in bioql PyPI...

EUVD-2024-41607

Malicious code in bioql PyPI...

CVE-2025-58750

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0cc348b are missing a bound check in chclifparsemoveCharSlot that can result in reading and writing out of bounds using input from the user. The problem has been fixed i...

CVE-2025-58448

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via WorldName parameter. Commit 0d89ae0 fixes the issue...

CVE-2025-58447

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted CASSOLOGINREQ with an oversized...

CVE-2025-58750

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0cc348b are missing a bound check in chclifparsemoveCharSlot that can result in reading and writing out of bounds using input from the user. The problem has been fixed i...

CVE-2025-58448

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via WorldName parameter. Commit 0d89ae0 fixes the issue...

CVE-2025-58750

CVE-2025-58750 affects rAthena, an open-source MMORPG server. The vulnerability stems from a missing bounds check in the function chclif_parse_moveCharSlot, allowing out-of-bounds reads/writes via user input in versions prior to commit 0cc348b. The issue is fixed in commit 0cc348b. Impact details...

CVE-2025-58750 rAthena missing bound check in chclif_parse_moveCharSlot

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0cc348b are missing a bound check in chclifparsemoveCharSlot that can result in reading and writing out of bounds using input from the user. The problem has been fixed i...

CVE-2025-58750 rAthena missing bound check in chclif_parse_moveCharSlot

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0cc348b are missing a bound check in chclifparsemoveCharSlot that can result in reading and writing out of bounds using input from the user. The problem has been fixed i...