Filtered by vendor Q-free
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26378 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 8.8 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests. | |||||
| CVE-2025-26367 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 4.3 MEDIUM |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests. | |||||
| CVE-2025-26371 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 8.8 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests. | |||||
| CVE-2025-26376 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 6.5 MEDIUM |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests. | |||||
| CVE-2025-26368 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 8.1 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests. | |||||
| CVE-2025-26375 | 1 Q-free | 1 Maxtime | 2025-04-10 | N/A | 8.8 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests. | |||||