CVE-2025-26378 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Inserito da Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability was found in Nozomi Q-Free MaxTime up to 2.11.0. It has been classified as critical. This affects an unknown part of the file maxprofile/users/routes.lua of the component HTTP Handler. The manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2025-26378. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-26378 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Post correlati

CVE-2023-28063 | Dell CPG BIOS up to 3.17.0 signed to unsigned conversion error (dsa-2023-176)

CVE-2024-9031 | CodeCanyon CRMGo SaaS up to 7.2 show comment cross site scripting

CVE-2024-11788 | StreamWeasels YouTube Integration Plugin up to 1.3.6 on WordPress cross site scripting

CVE-2024-28026 | MC Technologies MC LR Router 2.10.5 HTTP Request out1 os command injection (TALOS-2024-1953)