CVE-2025-26362 | Q-Free MaxTime up to 2.11.0 HTTP routes.lua missing authentication

Posted by Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability classified as critical was found in Q-Free MaxTime up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file maxprofile/setup/routes.lua of the component HTTP Handler. The manipulation leads to missing authentication.

This vulnerability is known as CVE-2025-26362. The attack can be launched remotely. There is no exploit available.

CVE-2025-26362 | Q-Free MaxTime up to 2.11.0 HTTP routes.lua missing authentication

Related Posts

CVE-2024-37268 | kaptinlin Striking Plugin up to 2.3.4 on WordPress path traversal

CVE-2024-21687 | Atlassian Bamboo Data Center/Bamboo Server up to 9.6.3 file inclusion

CVE-2024-24486 | Silex DS-600 1.4.1 Setting access control

CVE-2023-51558 | Foxit PDF Reader AcroForm Doc out-of-bounds (ZDI-23-1871)