Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

q-free maxtime vulnerabilities and exploits

(subscribe to this query)
650
VMScore

CVE-2025-1102

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.
Q-free Maxtime
1000
VMScore

CVE-2025-26339

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to affect the device confidentiality, integrity, or availability in multiple unspec...
Q-free Maxtime
980
VMScore

CVE-2025-26340

A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to bypass the authentication via crafted HTTP requests.
Q-free Maxtime
1000
VMScore

CVE-2025-26341

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to reset arbitrary user passwords via crafted HTTP requests.
Q-free Maxtime
1000
VMScore

CVE-2025-26342

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to create arbitrary users, including administrators, via crafted HTTP reques...
Q-free Maxtime
910
VMScore

CVE-2025-26343

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to brute-force user PINs via multiple crafted HTTP requests.
Q-free Maxtime
1000
VMScore

CVE-2025-26344

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to enable passwordless guest mode via crafted HTTP requests.
Q-free Maxtime
1000
VMScore

CVE-2025-26345

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to edit user group permissions via crafted HTTP requests.
Q-free Maxtime
650
VMScore

CVE-2025-26346

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote malicious user to ex...
Q-free Maxtime
1000
VMScore

CVE-2025-26347

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote malicious user to edit user permissions via crafted HTTP requests.
Q-free Maxtime
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
springboot-adminCVE-2025-3989lecmsCVE-2025-3906code injectionCVE-2025-32432CVE-2025-2105CVE-2025-3984wirelessopplustype confusionCVE-2025-29306n150rt
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook