11 matches found
openSUSE Security Advisory (SUSE-SU-2025:01878-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1670)
The remote host is missing an update for the Huawei EulerOS ...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2025-1394)
The remote host is missing an update for the Huawei EulerOS ...
openSUSE Security Advisory (SUSE-SU-2025:1511-1)
The remote host is missing an update for the ...
CVE-2024-11137
An Insecure Direct Object Reference (IDOR) vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
CVE-2024-11137 IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability exists in the PATCH /v1/runs/:id/score endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the...
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-1062)
The remote host is missing an update for the Huawei EulerOS ...
IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint Allows Unauthorized Score Updates for Other Users’ Runs
Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the PATCH /v1/runs/:id/score endpoint. This endpoint allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the runIdscore in the database. The...
Upgraded Q -> 2 from #659 [1699030291397]
Judge has assessed an item in Issue 659 as 2 risk. The relevant finding follows: L-01: updateScores will result in DoS if pass a user with an already updated score. Impact: If updateScores is called for a user who is already updated in the same round, the function will misbehave, causing it to repea...
Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?
Well I ran quake 2 using Lithium mod V 1.24 under OllyDBG and it seems that the lithium II mod for quake 2 latest PATCH 3.20 is parsing the '' in nicks. My well crafted nickname '999fffff' is being pushed onto the stack as 004144A1 |. 68 E821AF00 PUSH QUAKE2.00AF21E8 ; ASCII "0.000000 0.000000...