Q-free

Maxtime

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-26378

  • EPSS 0.3%
  • Veröffentlicht 12.02.2025 14:15:39
  • Zuletzt bearbeitet 10.04.2025 20:25:15

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HT...

8.1

CVE-2025-26377

  • EPSS 0.27%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 28.10.2025 15:41:39

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.

6.5

CVE-2025-26376

  • EPSS 0.16%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 10.04.2025 19:54:07

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.

8.8

CVE-2025-26375

  • EPSS 0.3%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 10.04.2025 18:55:29

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.

4.3

CVE-2025-26374

  • EPSS 0.12%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 03.03.2025 19:36:13

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.

6.5

CVE-2025-26373

  • EPSS 0.17%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 28.10.2025 15:41:46

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.

8.1

CVE-2025-26372

  • EPSS 0.27%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 03.03.2025 19:36:13

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.

8.8

CVE-2025-26371

  • EPSS 0.3%
  • Veröffentlicht 12.02.2025 14:15:38
  • Zuletzt bearbeitet 10.04.2025 19:54:12

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.

8.1

CVE-2025-26368

  • EPSS 0.27%
  • Veröffentlicht 12.02.2025 14:15:37
  • Zuletzt bearbeitet 10.04.2025 18:55:33

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.

7.5

CVE-2025-26364

  • EPSS 0.14%
  • Veröffentlicht 12.02.2025 14:15:37
  • Zuletzt bearbeitet 28.10.2025 15:42:15

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requ...