246 matches found

NVD
added 2025/03/09 4:15 p.m. · 11 views

CVE-2025-2125

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVSS 5.3 · EPSS 0.00168
Exploits: 0 · References: 4

OSV
added 2025/03/09 4:15 p.m. · 2 views

CVE-2025-2125

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...

CVSS 4.3 · AI score 4.9 · EPSS 0.00168
Exploits: 0 · References: 4

NVD
added 2025/02/25 2:15 a.m. · 8 views

CVE-2025-1645

A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launch...

CVSS 6.5 · EPSS 0.00027
Exploits: 0 · References: 4

NVD
added 2025/02/25 1:15 a.m. · 11 views

CVE-2025-1642

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack can be initiat...

CVSS 7.5 · EPSS 0.00559
Exploits: 1 · References: 4

NVD
added 2025/02/23 4:15 a.m. · 6 views

CVE-2025-1575

A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimentojpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the...

CVSS 5.3 · EPSS 0.00021
Exploits: 0 · References: 4

Vulnrichment
added 2025/02/19 10:49 p.m. · 4 views

CVE-2024-5706 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Hitachi Vantara Pentaho Data Integration & Analytics versions before...

CVSS 8.8 · AI score 9.1 · EPSS 0.03871
Exploits: 0 · References: 1

BDU FSTEC
added 2025/01/29 12:00 a.m. · 1 view

The vulnerabilities of the functions tcp_remove_empty_skb(), tcp_mark_push(), and min_t() in the net/ipv4/tcp.c module of the Linux kernel allow an attacker to cause a service failure.

The vulnerabilities of the functions tcp_remove_empty_skb(), tcp_mark_push(), and min_t() in the net/ipv4/tcp.c module of the Linux operating system’s kernel are related to improper control of resource identifiers. Exploiting these vulnerabilities could allow an attacker to cause service failures...

CVSS 5.5 · AI score 5.9 · EPSS 0.00033
Exploits: 0 · References: 11 · Affected Software: 3

Positive Technologies
added 2025/01/22 12:00 a.m. · 3 views

PT-2025-3987

The CampCodes School Management Software version 1.0 has a security issue in its Attachment Handler component, allowing for improper control of resource identifiers. This can be exploited remotely with a relatively high complexity of attack and is considered difficult to exploit. An exploit has...

CVSS 3.1 · AI score 3.7 · EPSS 0.00213
Exploits: 1 · References: 12

CNNVD
added 2025/01/13 12:00 a.m. · 3 views

SAMSUNG Mobile Processor Security Vulnerability

SAMSUNG Mobile Processor is a series of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from the UE not limiting the number of attempts for the RRC setup process in 5G SA, resulting in a denial of service...

CVSS 6.5 · AI score 6.6 · EPSS 0.0034
Exploits: 0 · References: 2

BDU FSTEC
added 2024/12/26 12:00 a.m. · 2 views

The vulnerability of the HDAudBus_DMA driver interface of the Microsoft High Definition Audio Bus allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the HDAudBus_DMA driver interface of the Microsoft High Definition Audio Bus driver is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service failures...

CVSS 5 · AI score 6 · EPSS 0.08504
Exploits: 1 · References: 6 · Affected Software: 1

Wiz blog
added 2024/12/11 1:00 p.m. · 8 views

Top AWS re:Invent Announcements for Security Teams in 2024

AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access...

AI score 7.3
Exploits: 0

Wiz blog
added 2024/11/28 5:00 a.m. · 12 views

How to use AWS Resource Control Policies

Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization...

AI score 7.3
Exploits: 0

BDU FSTEC
added 2024/11/22 12:00 a.m. · 2 views

The vulnerability of the MediaCMS content management system lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary operating system commands, gain control over resources, and penetrate the internal network.

The vulnerability of the MediaCMS content management system is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands remotely, gain...

CVSS 9.9 · AI score 5.9 · EPSS 0.06647
Exploits: 0 · References: 4 · Affected Software: 1

Rapid7 Blog
added 2024/11/20 2:00 p.m. · 9 views

Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner f...

AI score 7.5
Exploits: 0

Redos
added 2024/10/11 12:00 a.m. · 19 views

ROS-20241011-02

The vulnerability of the smb2_probe function in the drivers/power/supply/qcom_pmi8998_charger.c module of the Linux kernel power supply driver is related to a pointer dereferencing error. Exploiting the vulnerability could allow...

CVSS 7.8 · AI score 7.7 · EPSS 0.00019
Exploits: 0

BDU FSTEC
added 2024/09/18 12:00 a.m. · 1 view

The vulnerability of the Citrix Workspace App for Windows lies in its insufficient resource control during its existence. This allows attackers to increase their privileges.

The vulnerability of the Citrix Workspace App for Windows relates to insufficient resource control during its existence. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 · AI score 5.5 · EPSS 0.00131
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/08/21 3:11 p.m. · 6 views

GO-2022-0599 Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server

Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server...

CVSS 5.8 · AI score 4.4 · EPSS 0.00168
Exploits: 1 · References: 4

NVD
added 2024/08/03 4:15 p.m. · 21 views

CVE-2024-7438

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument...

CVSS 5.3 · EPSS 0.00121
Exploits: 1 · References: 4

NVD
added 2024/08/03 3:15 p.m. · 11 views

CVE-2024-7437

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of...

CVSS 5.5 · EPSS 0.00098
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/26 12:00 a.m. · 3 views

PT-2024-27328 · Dell · Dell Powerprotect Dd

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 8.0; Dell PowerProtect DD LTS 7.13.1.0; Dell PowerProtect DD LTS 7.10.1.30; Dell PowerProtect DD LTS 7.7.5.40. Description: The issue is related to an Improper Control of a Resource Through its Lifetime...

CVSS 6.5 · AI score 7.2 · EPSS 0.01238
Exploits: 0 · References: 4