8.1

CVSS3.1

CVE-2025-26343 -

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests.

📅 Published: Feb. 12, 2025, 1:27 p.m. 🔄 Last Modified: Oct. 24, 2025, 3:04 p.m.

9.8

CVSS3.1

CVE-2025-26342 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests.

📅 Published: Feb. 12, 2025, 1:27 p.m. 🔄 Last Modified: Oct. 24, 2025, 3:04 p.m.

9.8

CVSS3.1

CVE-2025-26341 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.

📅 Published: Feb. 12, 2025, 1:27 p.m. 🔄 Last Modified: Oct. 24, 2025, 3:05 p.m.

8.8

CVSS3.1

CVE-2025-26340 -

A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests.

📅 Published: Feb. 12, 2025, 1:26 p.m. 🔄 Last Modified: Oct. 24, 2025, 2:58 p.m.

9.8

CVSS3.1

CVE-2025-26339 -

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP request…

📅 Published: Feb. 12, 2025, 1:26 p.m. 🔄 Last Modified: Oct. 24, 2025, 2:58 p.m.

5.5

CVSS3.1

CVE-2025-1102 -

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.

📅 Published: Feb. 12, 2025, 1:26 p.m. 🔄 Last Modified: Oct. 24, 2025, 2:58 p.m.

5.3

CVSS3.1

CVE-2025-1101 -

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests.

📅 Published: Feb. 12, 2025, 1:26 p.m. 🔄 Last Modified: Oct. 24, 2025, 2:55 p.m.

9.8

CVSS3.1

CVE-2025-1100 -

A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.

📅 Published: Feb. 12, 2025, 1:26 p.m. 🔄 Last Modified: Oct. 24, 2025, 2:55 p.m.

5.3

CVSS4.0

CVE-2025-1199 - SourceCodester Best Church Management Software role_crud.php sql injection

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exp…

📅 Published: Feb. 12, 2025, 1 p.m. 🔄 Last Modified: Feb. 18, 2025, 6:06 p.m.

5.3

CVSS4.0

CVE-2025-1197 - code-projects Real Estate Property Management System load_user-profile.php sql injection

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql injection. The attack c…

📅 Published: Feb. 12, 2025, 12:31 p.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.

Total results: 344062