CVE-2025-26357 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP database.lua path traversal

Inserito da Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been rated as problematic. This issue affects some unknown processing of the file maxtime/api/database/database.lua of the component HTTP Handler. The manipulation leads to path traversal: ‘…/…//’.

The identification of this vulnerability is CVE-2025-26357. The attack may be initiated remotely. There is no exploit available.

CVE-2025-26357 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP database.lua path traversal

Post correlati

CVE-2024-46951 | Artifex Ghostscript up to 10.03.x Pattern Color Space psi/zcolor.c Remote Code Execution

CVE-2024-50348 | InstantSoft icms2 up to 2.16.2 Photo Album Page cross site scripting (GHSA-f6cf-jg84-fw29)

CVE-2024-9674 | Debrandify Plugin up to 1.1.2 on WordPress SVG File Upload cross site scripting

CVE-2021-46927 | Linux Kernel up to 5.15.12 pagemap get_user_pages_unlocked assertion (90d2beed5e75/3a0152b21952)