Lucene search
K

260 matches found

CVE
CVE
added 2025/02/12 1:30 p.m.80 views

CVE-2025-26371

CVE-2025-26371 affects Q-Free MaxTime

8.8CVSS8.5AI score0.0053EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 1:30 p.m.7 views

CVE-2025-26370

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...

7.1CVSS6.9AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 1:30 p.m.12 views

CVE-2025-26370

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...

7.1CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 1:30 p.m.62 views

CVE-2025-26370

The CVE-2025-26370 vulnerability affects Q-Free MaxTime

7.1CVSS6.9AI score0.00352EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/02/12 1:29 p.m.20 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...

8.1CVSS0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 1:29 p.m.9 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...

8.1CVSS8AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 1:29 p.m.71 views

CVE-2025-26368

CVE-2025-26368 affects Q-Free MaxTime

8.1CVSS8AI score0.00487EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 1:29 p.m.9 views

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...

4.3CVSS4.7AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 1:29 p.m.25 views

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...

4.3CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 1:29 p.m.78 views

CVE-2025-26367

CVE-2025-26367 affects Q-Free MAXTIME Suite (MaxTime)

4.3CVSS4.7AI score0.00275EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...

8.1CVSS6.3AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a missing authorization in maxprofile/user-groups/routes.lua. An attacker exploiting this...

8.1CVSS6.3AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.2 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...

8.8CVSS6.3AI score0.0053EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-7159 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authorization issue in maxprofile/user-groups/routes.lua allows an authenticated, low-privileged attacker to remove privileges from user groups via crafted HTTP requests...

7.1CVSS6.8AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-7160 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...

8.8CVSS6.3AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker can exploit the...

4.3CVSS6.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:42 p.m.15 views

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

9.8CVSS7AI score0.0064EPSS
Exploits0References1
NVD
NVD
added 2025/01/08 9:15 p.m.5 views

CVE-2024-52869

Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server SLES 12 Service Pack SP 2 or 3 to SLES 15 SP2 on Teradata Database systems, some...

6CVSS0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 6:16 a.m.77 views

CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

7.5CVSS0.0073EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/27 6:16 a.m.75 views

CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

7.5CVSS6.9AI score0.0073EPSS
Exploits1References1
Rows per page
Query Builder