Show filters
1,404 Total Results
Displaying 31-40 of 1,404
Sort by:
Attacker Value
Unknown

CVE-2025-26358

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26357

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26356

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26355

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26354

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26353

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26352

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26351

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26350

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests.
0
0
Attacker Value
Unknown

CVE-2025-26349

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests.
0
0
View More Topics  < Previous  Next >