Q-Free Maxtime vulnerabilities
43 known vulnerabilities affecting q-free/maxtime.
Total CVEs
43
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH22MEDIUM12
Vulnerabilities
Page 3 of 3
CVE-2025-26351P4MEDIUMCVSS 4.9≤ 2.11.02025-02-12
CVE-2025-26351 [MEDIUM] CWE-35 CVE-2025-26351: A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to
A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
nvd
CVE-2025-26367P4MEDIUMCVSS 4.3≤ 2.11.02025-02-12
CVE-2025-26367 [MEDIUM] CWE-862 CVE-2025-26367: A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.
nvd
CVE-2025-26374P4MEDIUMCVSS 4.3≤ 2.11.02025-02-12
CVE-2025-26374 [MEDIUM] CWE-862 CVE-2025-26374: A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
nvd
← Previous3 / 3