5 matches found
EUVD-2025-4182
Malicious code in bioql PyPI...
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26369
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...
CVE-2025-26369
CVE-2025-26369 affects Q-Free MaxTime (MaxTime 2.11.0 and earlier). The issue is a CWE-862 Missing Authorization in maxprofile/user-groups/routes.lua, enabling an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests. The underlying root cause is missi...
IBM DB2 - Shared Library Injection
source: https://www.securityfocus.com/bid/8346/info
IBM DB2 ships with a number of shared libraries, stored in a directory owned by the user and group 'bin'. As setuid root utilities are linked to these libraries, their ownership by a user and group of a lower privilege level constitutes a...