CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26520 |
Description: Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
CVSS: HIGH (7.6) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26378 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26377 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26376 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26375 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26374 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26373 |
Description: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26372 |
Description: A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26371 |
Description: A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26370 |
Description: A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|