CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

4.3CVSS5.8AI score0.00181EPSS

CVE-2025-26374

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua users endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...

OSV•added 2025/02/12 2:15 p.m.•3 views

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...

8.1CVSS5.8AI score0.0016EPSS

NVD•added 2025/02/12 2:15 p.m.•10 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...

6.5CVSS0.00252EPSS

NVD•added 2025/02/12 2:15 p.m.•11 views

CVE-2025-26374

6.5CVSS0.00181EPSS

8.1CVSS5.8AI score0.0015EPSS

CVE-2025-26377

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users via crafted HTTP requests...

6.5CVSS5.8AI score0.00258EPSS

CVE-2025-26373

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua user endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...

NVD•added 2025/02/12 2:15 p.m.•14 views

CVE-2025-26371

8.8CVSS0.00155EPSS

NVD•added 2025/02/12 2:15 p.m.•7 views

CVE-2025-26377

8.1CVSS0.0015EPSS

6.5CVSS5.8AI score0.00252EPSS

CVE-2025-26376

NVD•added 2025/02/12 2:15 p.m.•13 views

CVE-2025-26372

8.1CVSS0.0016EPSS

NVD•added 2025/02/12 2:15 p.m.•8 views

CVE-2025-26373

6.5CVSS0.00258EPSS

4.3CVSS5.9AI score0.00252EPSS

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create arbitrary user groups via crafted HTTP requests...

7.5CVSS5.8AI score0.00569EPSS

CVE-2025-26364

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...

NVD•added 2025/02/12 2:15 p.m.•14 views

CVE-2025-26369

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...

8.8CVSS0.00155EPSS

7.5CVSS5.8AI score0.00569EPSS

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

7.5CVSS5.8AI score0.00569EPSS

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

OSV•added 2025/02/12 2:15 p.m.•3 views

CVE-2025-26369

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...

8.8CVSS5.8AI score0.00155EPSS

7.1CVSS5.8AI score0.00156EPSS

CVE-2025-26370

NVD•added 2025/02/12 2:15 p.m.•9 views

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

7.5CVSS0.00569EPSS