5907 matches found
CVE-2025-26376
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...
CVE-2025-26375
CVE-2025-26375 affects Q-Free MaxTime
CVE-2025-26375
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to create users with arbitrary privileges via crafted HTTP requests...
CVE-2025-26373
CVE-2025-26373 affects Q-Free MaxTime
CVE-2025-26372
CVE-2025-26372 affects Q-Free MaxTime
CVE-2025-26372
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...
CVE-2025-26372
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...
CVE-2025-26371
CVE-2025-26371 affects Q-Free MaxTime
CVE-2025-26371
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add users to groups via crafted HTTP requests...
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26369
CVE-2025-26369 affects Q-Free MaxTime (MaxTime 2.11.0 and earlier). The issue is a CWE-862 Missing Authorization in maxprofile/user-groups/routes.lua, enabling an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests. The underlying root cause is missi...
CVE-2025-26369
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...
CVE-2025-26368
CVE-2025-26368 affects Q-Free MaxTime
CVE-2025-26368
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...
CVE-2025-26367
CVE-2025-26367 affects Q-Free MAXTIME Suite (MaxTime)
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26366
Summary (CVE-2025-26366): A CWE-306 vulnerability exists in Q-Free MaxTime
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26365
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...
CVE-2025-26365
CVE-2025-26365 involves a CWE-306 issue in Q-Free MaxTime, specifically the file maxprofile/setup/routes.lua. The vulnerability allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests in MaxTime versions 2.11.0 and earlier. Exploitation details are...