CVE-2025-26376 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Posted by Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability classified as problematic was found in Nozomi Q-Free MaxTime up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file maxprofile/users/routes.lua of the component HTTP Handler. The manipulation leads to missing authorization.

This vulnerability is known as CVE-2025-26376. The attack can be launched remotely. There is no exploit available.

CVE-2025-26376 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Related Posts

CVE-2024-33953 | Matt van Andel Adventure Journal Plugin up to 1.7.2 on WordPress cross site scripting

CVE-2024-6496 | Light Poll Plugin up to 1.0.0 on WordPress cross-site request forgery

CVE-2024-36669 | idcCMS 1.35 type_deal.php cross-site request forgery

CVE-2023-50251 | dompdf php-svg-lib up to 0.5.0 SVG File recursion