335 matches found
CVE-2025-26375
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create users with arbitrary privileges via crafted HTTP requests...
CVE-2025-26374
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua users endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26374
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua users endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26374
CVE-2025-26374 affects Q-Free MaxTime ≤ 2.11.0. The issue is CWE-862 Missing Authorization in maxprofile/users/routes.lua, enabling an authenticated low-priv attacker to enumerate users via crafted HTTP requests. Impact: potential disclosure of user identities; mitigation/patch details are not pr...
CVE-2025-26373
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua user endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26373
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua user endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26372
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...
CVE-2025-26371
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add users to groups via crafted HTTP requests...
CVE-2025-26371
CVE-2025-26371 affects Q-Free MaxTime
CVE-2025-26371
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add users to groups via crafted HTTP requests...
CVE-2025-26370
The CVE-2025-26370 vulnerability affects Q-Free MaxTime
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26369
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...
CVE-2025-26369
CVE-2025-26369 affects Q-Free MaxTime (MaxTime 2.11.0 and earlier). The issue is a CWE-862 Missing Authorization in maxprofile/user-groups/routes.lua, enabling an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests. The underlying root cause is missi...
CVE-2025-26368
CVE-2025-26368 affects Q-Free MaxTime
CVE-2025-26368
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...
CVE-2025-26368
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...
CVE-2025-26367
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...
CVE-2025-26367
CVE-2025-26367 affects Q-Free MAXTIME Suite (MaxTime)