16 matches found
Crafter CMS has Improper Control of Dynamically-Managed Code Resources
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...
Improper Control of Dynamically-Managed Code Resources
Overview: n8n-workflow is the workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An authenticated attacker can execute arbitrary code with the privileges of the underlying...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager (EPM) versions prior to 2024 SU4 SR1, which stems from improper control of dynamically managed code resources and could lead to remote code...
CVE-2025-26405
Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...
Siemens SIMATIC Devices Improper Control of a Resource Through its Lifetime (CVE-2024-57901)
af_packet: vlan_get_protocol_dgram vs MSG_PEEK Blamed allowing a crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(503805); script_version("1.1");...
Siemens SIMATIC Devices Improper Control of Resource Identifiers (CVE-2024-26820)
hv_netvsc: Register VF in netvsc_probe if NETDEV_REGISTER missed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(503418); script_version("1.2");...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Control of a Resource Through its Lifetime (CVE-2024-47713)
wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop to avoid warnings and potential issues caused by calling dev_queue_xmit with interrupts disabled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission...
CVE-2025-2125
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-1575
A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimentojpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the...
CVE-2024-5706 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Hitachi Vantara Pentaho Data Integration & Analytics versions before...
Improper Control Of A Resource Through Its Lifetime
github.com/cosmos/cosmos-sdk is vulnerable to Improper Control of a Resource Through its Lifetime. The x/crisis module is supposed to allow anyone to halt a chain in event of any violation. The vulnerability is caused due to x/crisis module, which does not halt the chain as expected upon an...
Abstrium Pydio Cells Security Vulnerability
Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by French company Abstrium. A security vulnerability exists in Abstrium Pydio Cells version 4.2.0 that stems from improper control of resource identifiers...
Fortinet FortiEDR Security Vulnerability
Fortinet FortiEDR is a built-from-scratch endpoint security solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiEDR CollectorWindows versions 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, and 5.1.0 that stems from improper control of resources...
CVE-2021-38463
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions...
CVE-2020-5743
This entry documents CVE-2020-5743 affecting TCExam 14.2.2. The vulnerability is described as improper access control (improper control of resource identifiers) that lets a remote, authenticated attacker access test metadata they should not be able to view. The connected records consistently iden...