Maxtime Security Vulnerabilities and Issues — Maxtime CVE List

Lucene search

Q-freeMaxtime

2 matches found

CVE•added 2025/02/12 2:15 p.m.•53 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.

6.5CVSS6.4AI score0.00077EPSS

CVE•added 2025/02/12 2:15 p.m.•52 views

CVE-2025-26374

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.

6.5CVSS6.4AI score0.00058EPSS