Lucene search
K

10 matches found

OSV
OSV
added 2025/02/12 2:15 p.m.4 views

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 2:15 p.m.12 views

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

7.2CVSS0.00775EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26347

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

9.8CVSS5.8AI score0.01029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 1:28 p.m.5 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8CVSS9.6AI score0.00855EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 1:28 p.m.101 views

CVE-2025-26357

CVE-2025-26357 affects Q-Free MaxTime (Maxtime) prior to 2.11.0. A Path Traversal in maxtime/api/database/database.lua allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Impact is read access to sensitive files; no exploitation details beyond that are provi...

4.9CVSS5AI score0.00698EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 1:28 p.m.5 views

CVE-2025-26354

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua copy endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

7.2CVSS6.9AI score0.00775EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.7 views

PT-2025-7151 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/setup/routes.lua allows an unauthenticated remote attacker to set an arbitrary authentication profile server via...

7.5CVSS7.5AI score0.00517EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

6.5CVSS6.2AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-7136 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...

9.8CVSS7.3AI score0.01029EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker exploiting this vulnerability cou...

6.5CVSS6.3AI score0.00302EPSS
Exploits0References1
Rows per page
Query Builder