Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Q-freeMaxtime

9 matches found

CVE
CVEadded 2025/02/12 2:15 p.m.60 views

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.

4.3CVSS4.7AI score0.00071EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.58 views

CVE-2025-26375

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.

8.8CVSS8.6AI score0.0011EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.57 views

CVE-2025-26369

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.

8.8CVSS8.6AI score0.0011EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.57 views

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.

8.1CVSS6.8AI score0.00096EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.55 views

CVE-2025-26371

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.

8.8CVSS8.5AI score0.0011EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.54 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.

8.1CVSS8AI score0.00096EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.52 views

CVE-2025-26374

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.

6.5CVSS6.4AI score0.00054EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.52 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.

6.5CVSS6.4AI score0.00071EPSS
CVE
CVEadded 2025/02/12 2:15 p.m.51 views

CVE-2025-26378

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.

8.8CVSS8.6AI score0.0011EPSS