Home/Product/q free maxtime
Product

q free maxtime

43 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-26378
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an
8.8HIGH
 CVE-2025-26377
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an
8.1HIGH
 CVE-2025-26376
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an
6.5MEDIUM
 CVE-2025-26375
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an
8.8HIGH
 CVE-2025-26374
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version
6.5MEDIUM
 CVE-2025-26373
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2
6.5MEDIUM
 CVE-2025-26372
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
7.1HIGH
 CVE-2025-26371
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
8.8HIGH
 CVE-2025-26370
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
7.1HIGH
 CVE-2025-26369
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
8.8HIGH
 CVE-2025-26368
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
8.1HIGH
 CVE-2025-26367
<= 2.11.0
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allo
4.3MEDIUM
 CVE-2025-26366
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
7.5HIGH
 CVE-2025-26365
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
7.5HIGH
 CVE-2025-26364
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
7.5HIGH
 CVE-2025-26363
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
7.5HIGH
 CVE-2025-26362
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
7.5HIGH
 CVE-2025-26361
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to ve
9.1CRITICAL
 CVE-2025-26360
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal
5.3MEDIUM
 CVE-2025-26359
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to
9.8CRITICAL
 CVE-2025-26358
<= 2.11.0
A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0
5.5MEDIUM
 CVE-2025-26357
<= 2.11.0
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an au
4.9MEDIUM
 CVE-2025-26356
<= 2.11.0
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to versio
7.2HIGH
 CVE-2025-26355
<= 2.11.0
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an au
6.5MEDIUM
 CVE-2025-26354
<= 2.11.0
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.1
7.2HIGH
 CVE-2025-26353
<= 2.11.0
A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticate
4.9MEDIUM
 CVE-2025-26352
<= 2.11.0
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an auth
6.5MEDIUM
 CVE-2025-26351
<= 2.11.0
A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an auth
4.9MEDIUM
 CVE-2025-26350
<= 2.11.0
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to v
4.9MEDIUM
 CVE-2025-26349
<= 2.11.0
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an a
7.2HIGH
 CVE-2025-26348
<= 2.11.0
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (edit
5.5MEDIUM
 CVE-2025-26347
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to ver
9.8CRITICAL
 CVE-2025-26346
<= 2.11.0
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (edit
5.5MEDIUM
 CVE-2025-26345
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to ver
9.8CRITICAL
 CVE-2025-26344
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal
9.8CRITICAL
 CVE-2025-26343
<= 2.11.0
A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows
8.1HIGH
 CVE-2025-26342
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to
9.8CRITICAL
 CVE-2025-26341
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to
9.8CRITICAL
 CVE-2025-26340
<= 2.11.0
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows a
8.8HIGH
 CVE-2025-26339
<= 2.11.0
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to versio
9.8CRITICAL
 CVE-2025-1102
<= 2.11.0
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an una
5.5MEDIUM
 CVE-2025-1101
<= 2.11.0
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an una
5.3MEDIUM
 CVE-2025-1100
<= 2.11.0
A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unaut
9.8CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh