CVE-2025-26368 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Inserito da Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been rated as problematic. This issue affects some unknown processing of the file maxprofile/user-groups/routes.lua of the component HTTP Handler. The manipulation leads to missing authorization.

The identification of this vulnerability is CVE-2025-26368. The attack may be initiated remotely. There is no exploit available.

CVE-2025-26368 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Post correlati

CVE-2024-3740 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/reload exec nginxExe deserialization

CVE-2025-21532 | Oracle Analytics Desktop up to 8.0.x Install Local Privilege Escalation

CVE-2023-48228: authentik improper authentication

CVE-2002-20002 | Perl always uses Perl Net::EasyTCP Package up to 0.14 rand weak prng (ID 184)