Lucene search
+L

4 matches found

nvd
nvd
added 2025/02/12 2:15 p.m.21 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5CVSS0.00539EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/02/12 1:29 p.m.5 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5CVSS7.9AI score0.00539EPSS
Exploits0References1
cvelist
cvelist
added 2025/02/12 1:29 p.m.14 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

7.5CVSS0.00539EPSS
Exploits0References1
cve
cve
added 2025/02/12 1:29 p.m.58 views

CVE-2025-26362

CVE-2025-26362 describes a CWE-306 issue in Q-Free MaxTime: the vulnerability exists in the maxprofile/setup/routes.lua function, affecting MaxTime versions 2.11.0 and earlier. An unauthenticated remote attacker can craft HTTP requests to set an arbitrary authentication profile on the server. Thi...

7.5CVSS7.9AI score0.00539EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder