Show filters
1,404 Total Results
Displaying 11-20 of 1,404
Sort by:
Attacker Value
Unknown

CVE-2025-26378

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26377

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26376

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26375

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26374

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26373

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26372

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26371

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26370

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26369

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.
0
0
View More Topics  < Previous  Next >