Security Vulnerabilities
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-09-09
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-09-09
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using input from the user. The problem has been fixed in commit 0cc348b.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-09-09
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-09
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-09-09
Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-09
Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-09
Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-09
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-09
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09