4.3

CVSS3.1

CVE-2025-26367 -

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: April 10, 2025, 7:54 p.m.

7.5

CVSS3.1

CVE-2025-26366 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26365 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26364 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26363 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

7.5

CVSS3.1

CVE-2025-26362 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:42 p.m.

9.1

CVSS3.1

CVE-2025-26361 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:44 p.m.

5.3

CVSS3.1

CVE-2025-26360 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:29 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.

9.8

CVSS3.1

CVE-2025-26359 -

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.

5.5

CVSS3.1

CVE-2025-26358 -

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.

๐Ÿ“… Published: Feb. 12, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Oct. 28, 2025, 3:45 p.m.
Total resulsts: 346087
Page 6453 of 34,609
ยซ previous page ยป next page
Filters