23 matches found
Allocation of Resources Without Limits or Throttling
Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
ImageMagick: Policy Bypass in PSD decoder
Due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply...
CVE-2025-14778
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...
PT-2026-7127
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A Broken Access Control issue exists within the UserManagedPermissionService UMA Protection API. Specifically, when updating or deleting a UMA policy linked to multiple resources, the system...
EUVD-2025-203381
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...
PT-2025-51235
Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform (affected versions not specified). Description: The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...
CVE-2025-34413 Legality WHISTLEBLOWING Missing Critical HTTP Security Headers
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and...
CVE-2025-34413
CVE-2025-34413 affects DigitalPA Legality WHISTLEBLOWING. The protection mechanism failure is due to omission of critical HTTP security headers by default: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Reso...
EUVD-2020-12234
Malware in sbrugna...
CVE-2020-1358
An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'...
Arbitrary Command Injection
Overview: @cdklabs/cdk-proserve-lib is an AWS CDK library containing constructs, aspects, and patterns. Affected versions of this package are vulnerable to Arbitrary Command Injection due to forgetting to export the new Aspect. An attacker can compromise insecure resource policy settings,...
CVE-2024-34731
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-37131
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated use...
CVE-2024-37131
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated use...
CVE-2024-37131
CVE-2024-37131 affects Dell SCG/Policy Manager across versions, due to an overly permissive Cross-Origin Resource Policy (CORP). A remote, unauthenticated attacker could perform actions in an authenticated user’s context. Public details confirm the vulnerability and its impact; remediation is...
CVE-2024-37131
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated use...
Microsoft Windows Resource Policy Component Information Disclosure Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in the Microsoft Windows Resource Policy...
CVE-2020-1358
An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'...
CVE-2020-1358
An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'...
Information disclosure
An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'...