7.1

CVSS3.1

CVE-2025-26372 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:30 p.m. ๐Ÿ”„ Last Modified: July 13, 2025, 11:07 a.m.

8.8

CVSS3.1

CVE-2025-26371 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:30 p.m. ๐Ÿ”„ Last Modified: April 10, 2025, 7:54 p.m.

7.1

CVSS3.1

CVE-2025-26370 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:30 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:41 p.m.

8.8

CVSS3.1

CVE-2025-26369 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: May 27, 2025, 9:25 p.m.

8.1

CVSS3.1

CVE-2025-26368 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: April 10, 2025, 6:55 p.m.

4.3

CVSS3.1

CVE-2025-26367 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: April 10, 2025, 7:54 p.m.

7.5

CVSS3.1

CVE-2025-26366 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26365 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26364 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26363 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.
Total resulsts: 349182
Page 6762 of 34,919
ยซ previous page ยป next page
Filters