Q-free Maxtime
43 CVEs affecting Q-free Maxtime. Latest disclosed: 2025-02-12. Critical: 9, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-26359 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
CVE-2025-26347 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthe… |
CVE-2025-26345 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthe… |
CVE-2025-26344 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an u… |
CVE-2025-26342 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
CVE-2025-26341 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an una… |
CVE-2025-26339 | Critical | 9.8 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenti… |
CVE-2025-1100 | Critical | 9.8 | 2025-02-12 | A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to… |
CVE-2025-26361 | Critical | 9.1 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauth… |
CVE-2025-26378 | High | 8.8 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged… |
CVE-2025-26375 | High | 8.8 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged… |
CVE-2025-26371 | High | 8.8 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-priv… |
CVE-2025-26369 | High | 8.8 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-priv… |
CVE-2025-26340 | High | 8.8 | 2025-02-12 | A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote atta… |
CVE-2025-26377 | High | 8.1 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged… |
CVE-2025-26368 | High | 8.1 | 2025-02-12 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-priv… |
CVE-2025-26343 | High | 8.1 | 2025-02-12 | A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote at… |
CVE-2025-26366 | High | 7.5 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauth… |
CVE-2025-26365 | High | 7.5 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauth… |
CVE-2025-26364 | High | 7.5 | 2025-02-12 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauth… |