
22 matches found

EUVD
added last week · 9 views

EUVD-2026-38111

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

CVSS 5.9 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 2
Cvelist
added last week · 25 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

CVSS 5.9 · EPSS 0.0026
Exploits 0 · References 2
CVE
added last week · 17 views

CVE-2026-12673

Summary: Liquidfiles before 4.2.12 has a broken access control vulnerability that allows privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in the managed secondary (non-default) group. Affected product/version: Liquidfiles

CVSS 5.9 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2017-5503

Malware in sbrugna...

CVSS 6.5 · AI score 7 · EPSS 0.00826
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2010-4189

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.01165
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-8966

Malware in sbrugna...

CVSS 4.3 · AI score 5.7 · EPSS 0.01911
Exploits 0 · References 10
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-9244

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.00449
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-6446

Malware in sbrugna...

CVSS 5.9 · AI score 6 · EPSS 0.01244
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-22353

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.0028
Exploits 1 · References 3
CVE
added 2025/07/22 12:0 a.m. · 27 views

CVE-2025-51479

Onyx Enterprise Edition 0.27.0 exposes an authorization bypass in the update_user_group function of onyx-dot-app. Remote authenticated attackers can modify arbitrary user groups by sending crafted PATCH requests to /api/manage/admin/user-group/id, bypassing curator-group assignment checks. Docume...

CVSS 5.4 · AI score 7 · EPSS 0.0028
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2025/07/22 12:0 a.m. · 9 views

CVE-2025-51479

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

EPSS 0.0028
Exploits 1 · References 3
Vulnrichment
added 2025/07/22 12:0 a.m. · 4 views

CVE-2025-51479

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

AI score 7 · EPSS 0.0028
Exploits 1 · References 3
Positive Technologies
added 2025/07/22 12:0 a.m. · 5 views

PT-2025-30450 · Unknown · Onyx Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Onyx Enterprise Edition version 0.27.0 Description: An authorization bypass exists in the update user group function within onyx-dot-app Onyx Enterprise Edition. This allows remote authenticated attackers to modify arbitrary user groups by...

CVSS 5.4 · AI score 6.4 · EPSS 0.0028
Exploits 1 · References 10
OSV
added 2025/02/12 2:15 p.m. · 4 views

CVE-2025-26371

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add users to groups via crafted HTTP requests...

CVSS 8.8 · AI score 5.8 · EPSS 0.0053
Exploits 0 · References 1
OSV
added 2024/12/20 8:15 p.m. · 2 views

CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...

CVSS 7.6 · AI score 6.8 · EPSS 0.00333
Exploits 0 · References 3
CNNVD
added 2024/11/27 12:0 a.m. · 4 views

Zabbix Authorization Issue Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix suffers from an authorization issue vulnerability that stems from the fact that a user with endpoint access to the user.update AP...

CVSS 8.8 · AI score 7.3 · EPSS 0.0073
Exploits 1 · References 2
Vulnrichment
added 2022/10/31 7:38 p.m. · 5 views

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

CVSS 9.8 · AI score 9.6 · EPSS 0.0064
Exploits 0 · References 1
NVD
added 2022/10/10 9:15 p.m. · 25 views

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...

CVSS 9.1 · EPSS 0.00971
Exploits 0 · References 2
OpenVAS
added 2018/08/20 12:0 a.m. · 10 views

Microsoft Windows: Audit Application Group Management

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winapplicationgroupmanagement.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Application Group Management Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

AI score 7.3
Exploits 0
Tenable Nessus
added 2012/08/01 12:0 a.m. · 34 views

Scientific Linux Security Update : systemtap on SL5.x i386/x86_64

It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. CVE-2010-4170 It was discovered that staprun did not check if the module...

CVSS 7.2 · AI score 5.6 · EPSS 0.04797
Exploits 10 · References 3