Show filters
1,404 Total Results
Displaying 21-30 of 1,404
Sort by:
Attacker Value
Unknown

CVE-2025-26368

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26367

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26366

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26365

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26364

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26363

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26362

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26361

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26360

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26359

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
0
0
View More Topics  < Previous  Next >