Ramadhanamizudin

**Name of the Vulnerable Software and Affected Versions** Docmost versions 0.21.0 through 0.23.999 **Description** Docmost, an open-source collaborative wiki and documentation software, has a flaw where improper filename validation in the Zip Import Feature (ZipSlip) allows for arbitrary file writing. This occurs in `apps/server/src/integrations/import/utils/file.utils.ts` due to the lack of filename validation. **Recommendations** Update to version 0.24.0 or later.

Name of the Vulnerable Software and Affected Versions: rAthena versions prior to commit 2f5248b Description: rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. A heap-based buffer overflow exists in the login server. Sending a crafted `CA SSO LOGIN REQ` packet with an oversized token length to the server can overwrite adjacent session fields, leading to a denial of service (crash). It may be possible to achieve remote code execution via heap corruption. The vulnerability is triggered by the `CA SSO LOGIN REQ` packet and involves an oversized token length. Recommendations: Update to commit 2f5248b or later.

Name of the Vulnerable Software and Affected Versions: rAthena versions prior to commit 0d89ae0 Description: rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. A SQL Injection exists in the PartyBooking component via the `WorldName` parameter. Recommendations: Update to commit 0d89ae0 or later to resolve the issue.