Filtered by vendor Q-free
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26354 | 1 Q-free | 1 Maxtime | 2025-02-17 | 7.2 High |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26352 | 1 Q-free | 1 Maxtime | 2025-02-17 | 6.5 Medium |
| A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26349 | 1 Q-free | 1 Maxtime | 2025-02-17 | 7.2 High |
| A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests. | ||||