7.5

CVSS3.1

CVE-2025-26366 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26365 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26364 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26363 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26362 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

9.1

CVSS3.1

CVE-2025-26361 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:44 p.m.

5.3

CVSS3.1

CVE-2025-26360 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.

9.8

CVSS3.1

CVE-2025-26359 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.

5.5

CVSS3.1

CVE-2025-26358 -

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.

4.9

CVSS3.1

CVE-2025-26357 -

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:46 p.m.
Total resulsts: 344045
Page 6249 of 34,405
ยซ previous page ยป next page
Filters