CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/02/12 1:28 p.m.•52 views

CVE-2025-26358

CVE-2025-26358 concerns an external control of system configuration via the Q-Free MaxTime software. The vulnerability lies in the ldbMT.so module (

5.5CVSS6.4AI score0.00419EPSS

CVE-2025-26358

5.5CVSS0.00419EPSS

CVE•added 2025/02/12 1:28 p.m.•97 views

CVE-2025-26357

CVE-2025-26357 affects Q-Free MaxTime (Maxtime) prior to 2.11.0. A Path Traversal in maxtime/api/database/database.lua allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Impact is read access to sensitive files; no exploitation details beyond that are provi...

4.9CVSS5AI score0.00231EPSS

CVE-2025-26357

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests...

4.9CVSS0.00231EPSS

Vulnrichment•added 2025/02/12 1:28 p.m.•6 views

CVE-2025-26357

4.9CVSS5AI score0.00231EPSS

CVE•added 2025/02/12 1:28 p.m.•90 views

CVE-2025-26356

CVE-2025-26356 affects Q-Free MaxTime

7.2CVSS6.9AI score0.01754EPSS

Vulnrichment•added 2025/02/12 1:28 p.m.•5 views

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

7.2CVSS6.9AI score0.01754EPSS

Cvelist•added 2025/02/12 1:28 p.m.•9 views

CVE-2025-26356

7.2CVSS0.01754EPSS

CVE•added 2025/02/12 1:28 p.m.•77 views

CVE-2025-26355

CVE-2025-26355 describes a CWE-35 path traversal in Q-Free MaxTime. The vulnerability resides in maxtime/api/database/database.lua and affects MaxTime versions less than or equal to 2.11.0. An authenticated remote attacker could delete sensitive files by crafting HTTP requests. The connected sour...

6.5CVSS6.4AI score0.01694EPSS

CVE-2025-26355

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

6.5CVSS0.01694EPSS

Vulnrichment•added 2025/02/12 1:28 p.m.•6 views

CVE-2025-26355

6.5CVSS6.4AI score0.01694EPSS

Vulnrichment•added 2025/02/12 1:28 p.m.•4 views

CVE-2025-26354

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua copy endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

7.2CVSS6.9AI score0.02136EPSS

CVE-2025-26354

7.2CVSS0.02136EPSS

CVE•added 2025/02/12 1:28 p.m.•72 views

CVE-2025-26354

CVE-2025-26354 concerns Q-Free MaxTime

7.2CVSS6.9AI score0.02136EPSS

CVE•added 2025/02/12 1:28 p.m.•84 views

CVE-2025-26353

CVE-2025-26353 corresponds to a CWE-35 Path Traversal in Q-Free MaxTime

4.9CVSS6.7AI score0.00171EPSS

Cvelist•added 2025/02/12 1:28 p.m.•8 views

CVE-2025-26353

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests...

4.9CVSS0.00171EPSS

Vulnrichment•added 2025/02/12 1:28 p.m.•3 views

CVE-2025-26353

4.9CVSS6.7AI score0.00171EPSS

CVE•added 2025/02/12 1:28 p.m.•46 views

CVE-2025-26352

The CVE-2025-26352 entry documents a CWE-35 path traversal in the template deletion mechanism of Q-Free MaxTime (≤ v2.11.0). An authenticated remote attacker can delete sensitive files via crafted HTTP requests, due to the insecure handling in the deletion path. Impact is described as the ability...

6.5CVSS6.4AI score0.00866EPSS

Cvelist•added 2025/02/12 1:28 p.m.•7 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

6.5CVSS0.00866EPSS