35 matches found

EUVD
added 2025/10/15 1:23 a.m. · 1 views

EUVD-2017-18920

Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...

9.2 CVSS · 8 AI score · 0.00977 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/10/15 1:23 a.m. · 3 views

CVE-2017-20205 Valve Source SDK Stack-Based Buffer Overflow RCE

Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...

9.2 CVSS · 8.2 AI score · 0.00977 EPSS
Exploits 0 · References 3

CNNVD
added 2025/09/26 12:0 a.m. · 1 views

ogre security vulnerability

ogre is a scene-oriented 3D engine open-sourced by OGRECave. A security vulnerability exists in ogre 14.4.1 and earlier versions, which originates from a heap buffer overflow in the STBIImageCodec::encode function in the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp, which could lead to a...

7.8 CVSS · 5.4 AI score · 0.00034 EPSS
Exploits 1 · References 6

RedHat Linux
added 2025/06/09 1:45 a.m. · 4 views

Important: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

7.5 CVSS · 7.4 AI score · 0.00615 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/22 9:27 p.m. · 6 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

9 CVSS · 9.4 AI score · 0.06905 EPSS
Exploits 2 · References 1

OSV
added 2025/02/25 6:16 p.m. · 10 views

CVE-2025-27135 RAGFlow SQL Injection vulnerability

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.3 CVSS · 7.6 AI score · 0.00419 EPSS
Exploits 1 · References 6

CVE
added 2025/02/25 6:16 p.m. · 80 views

CVE-2025-27135

RAGFlow (open-source Retrieval-Augmented Generation engine) is affected by CVE-2025-27135. Versions 0.15.1 and earlier are vulnerable due to the ExeSQL component, which extracts SQL statements from input and sends them directly to the database query, enabling SQL injection. Reported impact is hig...

9.8 CVSS · 7.4 AI score · 0.00419 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2025/02/21 9:4 p.m. · 2 views

CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

8.1 CVSS · 7.8 AI score · 0.00174 EPSS
Exploits 1 · References 3

Fedora
added 2025/01/12 1:43 a.m. · 5 views

[SECURITY] Fedora 40 Update: suricata-7.0.8-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7.2 AI score
Exploits 0

The Hacker News
added 2024/10/07 1:52 p.m. · 22 views

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with...

8.5 AI score
Exploits 0

OSV
added 2021/04/10 7:15 p.m. · 1 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

9 CVSS · 6.4 AI score · 0.06905 EPSS
Exploits 2 · References 4

Prion
added 2021/04/10 7:15 p.m. · 16 views

Buffer overflow

Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

6 CVSS · 9.2 AI score · 0.06905 EPSS
Exploits 2 · References 4 · Affected Software 1

Cvelist
added 2021/04/10 6:31 p.m. · 13 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

8 CVSS · 9.6 AI score · 0.06905 EPSS
Exploits 2 · References 4

Positive Technologies
added 2021/04/10 12:0 a.m. · 3 views

PT-2021-18753 · Valve · Valve Steam +1

Name of the Vulnerable Software and Affected Versions: Valve Steam through 2021-04-10 Description: The issue allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click when a Source engine game is installed. This is...

9 CVSS · 9.3 AI score · 0.06905 EPSS
Exploits 2 · References 18

Hacker One
added 2020/05/17 8:31 p.m. · 20 views

Valve: Signedness issue in ClassInfo message handler leads to RCE on CS:GO client

Title: Signedness issue in ClassInfo message handler leads to RCE on CS:GO client Scope: csgo.exe Weakness: Array Index Underflow Severity: Critical 9.6 Link: https://hackerone.com/reports/876719 Date: 2020-05-17 20:31:35 +0000 By: @chaynik Details: Vulnerability ------------- CSVCMsgClassInfo...

Exploits 0

0day.today
added 2020/04/27 12:0 a.m. · 52 views

Counter-Strike CS:GO BuildID: 4937372 - Arbitrary Code Execution Exploit

Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...

7.8 CVSS · 0.5 AI score · 0.0039 EPSS
Exploits 4

Packet Storm
added 2020/04/27 12:0 a.m. · 91 views

Source Engine CS:GO Build 4937372 Arbitrary Code Execution

Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...

0.9 AI score · 0.0039 EPSS
Exploits 4

Exploit DB
added 2020/04/27 12:0 a.m. · 183 views

Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution

Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...

7.8 CVSS · 7.8 AI score · 0.0039 EPSS
Exploits 4

ThreatPost
added 2020/04/23 5:45 p.m. · 71 views

Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak

The discovery of leaked source code for two popular games – Counter-Strike: Global Offensive (CS:GO) and Team Fortress 2 – has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the...

7.3 AI score
Exploits 0 · References 21

Hacker One
added 2020/02/29 5:19 p.m. · 23 views

Valve: OOB reads in network message handlers leads to RCE

Vulnerability: In Source engine games there are many network messages sent from the server to the client that take an entity index. There is a common pattern among many of these messages for the lower bounds of the entity index to be checked but not the upper bounds. In many cases these out of bou...

7.9 AI score
Exploits 0