Lucene search
K

4 matches found

OSV
OSV
added 2025/02/12 2:15 p.m.8 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

5.3CVSS5.8AI score0.0068EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

8.1CVSS6.3AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-7160 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...

8.8CVSS6.3AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.5 views

Ec-cube 跨站请求伪造漏洞

EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...

6.5CVSS5.5AI score0.00533EPSS
Exploits1References5
Rows per page
Query Builder