CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26365 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26364 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26363 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26362 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26361 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26360 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26359 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26358 |
Description: A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26357 |
Description: A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-26356 |
Description: A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|