23 matches found
PT-2026-44155
TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...
EUVD-2025-4177
Malicious code in bioql PyPI...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26365
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26366
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...
CVE-2025-26366
Summary (CVE-2025-26366): A CWE-306 vulnerability exists in Q-Free MaxTime
CVE-2025-26365
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...
CVE-2025-26365
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...
CVE-2025-26365
CVE-2025-26365 involves a CWE-306 issue in Q-Free MaxTime, specifically the file maxprofile/setup/routes.lua. The vulnerability allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests in MaxTime versions 2.11.0 and earlier. Exploitation details are...
Q-Free MAXTIME Suite Access Control Error Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...
PT-2025-7154 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in Q-Free MaxTime, specifically in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote...
CVE-2022-23169
The CVE-2022-23169 entry maps to Amodat Mobile Application Gateway SQL injection. Affected versions: prior to 7.12.00.09. The vulnerability stems from lack of input validation in the agentid SQL statement, allowing an attacker who is authenticated to the admin panel to craft a SQL payload and exe...
Mcard Mobile Card Selling Platform 1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC 1 :...
Mcard Mobile Card Selling Platform 1 - SQL Injection
Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC 1 : Attacker can bypass admin panel...
Mcard Mobile Card Selling Platform 1 - SQL Injection
Mcard Mobile Card Selling Platform 1 - SQL Injection Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kal...
Superfood 1.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or email protected...
Auto Dealership Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Auto Dealership Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Exploit Title: Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin panel Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or...