Show filters
671 Total Results
Displaying 21-30 of 671
Sort by:
Attacker Value
Unknown

CVE-2025-26361

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26360

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26359

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26358

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26357

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26356

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26355

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26354

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26353

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26352

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
0
0
View More Topics  < Previous  Next >