CVE-2025-26341 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.
CVSS: CRITICAL (9.8)
EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
CVE-2025-26340 |
Description: A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests.
CVSS: HIGH (8.8)
EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
CVE-2025-26339 |
Description: A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.
CVSS: CRITICAL (9.8)
EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
CVE-2025-25746 |
Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.
EPSS Score: 0.1%
February 13th, 2025 (5 months ago)
|
CVE-2025-25744 |
Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.
EPSS Score: 0.1%
February 13th, 2025 (5 months ago)
|
CVE-2025-25743 |
Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.
EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
CVE-2025-25742 |
Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.
EPSS Score: 0.1%
February 13th, 2025 (5 months ago)
|
CVE-2025-25741 |
Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.
EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
CVE-2025-25351 |
Description: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.
EPSS Score: 0.11%
February 13th, 2025 (5 months ago)
|
CVE-2025-25349 |
Description: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.
EPSS Score: 0.11%
February 13th, 2025 (5 months ago)
|