Lucene search
K

19 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42827

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions 2026.2.0-rc1 through 2026.2.2 Description The 'PATCH /api/v3/core/users/pk/' API allows a caller with change user permissions on a target user to assign arbitrary groups via...

8.1CVSS6AI score0.00392EPSS
Exploits0References10
CVE
CVE
added 2026/03/23 4:28 p.m.12 views

CVE-2026-33501

Summary (CVE-2026-33501 in WWBN AVideo) : Versions up to 26.0 expose an unauthenticated information disclosure via the Permissions plugin. The endpoint plugin/Permissions/View/Users_groups_permissions/list.json.php returns the full users_groups_permissions table without any authentication/authori...

5.3CVSS5.7AI score0.0043EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 8:57 p.m.7 views

AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

Summary The endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user groups to plugins. All sibling endpoints in the same directory add.json.php,...

5.3CVSS5.9AI score0.0043EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4546

Malware in sbrugna...

4.6CVSS6.4AI score0.00306EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-6992

Malware in sbrugna...

6.8CVSS6.4AI score0.02813EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-3361

Malware in sbrugna...

8.8CVSS9.1AI score0.0322EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/14 2:47 p.m.6 views

CVE-2025-26345

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...

9.8CVSS7.1AI score0.01029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 1:27 p.m.4 views

CVE-2025-26345

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user group permissions via crafted HTTP requests...

9.8CVSS9.6AI score0.01029EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker can exploit the...

7.1CVSS6.3AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...

9.8CVSS6.7AI score0.01029EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/12/30 3:0 p.m.38 views

CVE-2013-7209

Cross-site request forgery CSRF vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action...

7.1AI score0.02813EPSS
Exploits3References3
CVE
CVE
added 2013/12/30 3:0 p.m.52 views

CVE-2013-7209

The CVE-2013-7209 entry concerns JForum (Java-based forum) with a CSRF flaw in the Admin module, specifically admBase/login.page. The vulnerability affects the adminUsers/group permissions flow via the groupsSave action, enabling an attacker to hijack an administrator’s session and cause arbitrar...

6.8CVSS7.4AI score0.02813EPSS
Exploits3References3Affected Software1
seebug.org
seebug.org
added 2009/09/29 12:0 a.m.30 views

Adobe Photoshop Elements 8.0 Active File Monitor Privilege Escalation

No description provided by source. Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges by Nine:Situations:Group::bellick site: http://retrogod.altervista.org/ Tested on Microsoft Windows XP SP3 The "Adobe Active File Monitor V8" service i...

7.1AI score
Exploits0
Prion
Prion
added 2007/08/28 1:17 a.m.19 views

Code injection

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

4.4CVSS7AI score0.00284EPSS
Exploits0References5Affected Software7
NVD
NVD
added 2007/08/28 1:17 a.m.21 views

CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...

4.6CVSS6.5AI score0.00306EPSS
Exploits0References5
Prion
Prion
added 2007/08/28 1:17 a.m.24 views

Code injection

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...

4.6CVSS7AI score0.00306EPSS
Exploits0References5Affected Software7
Cvelist
Cvelist
added 2007/08/28 1:0 a.m.22 views

CVE-2007-4563

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

6.5AI score0.00284EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/08/28 1:0 a.m.26 views

CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...

6.5AI score0.00306EPSS
Exploits0References5
CVE
CVE
added 2007/08/28 1:0 a.m.58 views

CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later may assign the wrong user’s group permissions to activated logical server processes, enabling local privilege escalation. Root cause: mis-assignment of group permissions to server processes started by Cosminexus Manager. Impact: ...

4.6CVSS6.5AI score0.00306EPSS
Exploits0References5Affected Software7
Rows per page
Query Builder