260 matches found
CVE-2025-26371
CVE-2025-26371 affects Q-Free MaxTime
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26370
The CVE-2025-26370 vulnerability affects Q-Free MaxTime
CVE-2025-26368
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...
CVE-2025-26368
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...
CVE-2025-26368
CVE-2025-26368 affects Q-Free MaxTime
CVE-2025-26367
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...
CVE-2025-26367
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...
CVE-2025-26367
CVE-2025-26367 affects Q-Free MAXTIME Suite (MaxTime)
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a missing authorization in maxprofile/user-groups/routes.lua. An attacker exploiting this...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...
PT-2025-7159 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authorization issue in maxprofile/user-groups/routes.lua allows an authenticated, low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
PT-2025-7160 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker can exploit the...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2024-52869
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server SLES 12 Service Pack SP 2 or 3 to SLES 15 SP2 on Teradata Database systems, some...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...