6 matches found
EUVD-2025-22353
Malicious code in bioql PyPI...
CVE-2025-51479
Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...
CVE-2025-51479
Onyx Enterprise Edition 0.27.0 exposes an authorization bypass in the update_user_group function of onyx-dot-app. Remote authenticated attackers can modify arbitrary user groups by sending crafted PATCH requests to /api/manage/admin/user-group/id, bypassing curator-group assignment checks. Docume...
PT-2025-30450 · Unknown · Onyx Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Onyx Enterprise Edition version 0.27.0
Description: An authorization bypass exists in the update user group function within onyx-dot-app Onyx Enterprise Edition. This allows remote authenticated attackers to modify arbitrary user groups by...
CVE-2025-51479
Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...