Maxtime

maxtime

Vendor: Q Free • 43 CVEs

CVEs (43)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-26378 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administ...Show more A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests.Show less
CVE-2025-26377 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
CVE-2025-26376 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.
CVE-2025-26375 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via craf...Show more A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.Show less
CVE-2025-26374 1Q Free 1Maxtime Mar 3, 2025 Feb 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HT...Show more A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.Show less
CVE-2025-26373 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTT...Show more A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.Show less
CVE-2025-26372 1Q Free 1Maxtime Mar 3, 2025 Feb 12, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests.Show less
CVE-2025-26371 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requ...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.Show less
CVE-2025-26370 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via cr...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.Show less
CVE-2025-26369 1Q Free 1Maxtime May 27, 2025 Feb 12, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.Show less
CVE-2025-26368 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP reque...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests.Show less
CVE-2025-26367 1Q Free 1Maxtime Apr 10, 2025 Feb 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted...Show more A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.Show less
CVE-2025-26366 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authenticati...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.Show less
CVE-2025-26365 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authenticatio...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.Show less
CVE-2025-26364 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profil...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.Show less
CVE-2025-26363 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.Show less
CVE-2025-26362 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.Show less
CVE-2025-26361 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via cra...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.Show less
CVE-2025-26360 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via craf...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.Show less
CVE-2025-26359 1Q Free 1Maxtime Oct 28, 2025 Feb 12, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted H...Show more A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.Show less

12 3 Next