Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26354 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.2 High |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26355 | 1 Q-free | 1 Maxtime | 2025-10-28 | 6.5 Medium |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26356 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.2 High |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26357 | 1 Q-free | 1 Maxtime | 2025-10-28 | 4.9 Medium |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | ||||
| CVE-2025-26358 | 1 Q-free | 1 Maxtime | 2025-10-28 | 5.5 Medium |
| A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests. | ||||
| CVE-2025-26359 | 1 Q-free | 1 Maxtime | 2025-10-28 | 9.8 Critical |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. | ||||
| CVE-2025-26360 | 1 Q-free | 1 Maxtime | 2025-10-28 | 5.3 Medium |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests. | ||||
| CVE-2025-26361 | 1 Q-free | 1 Maxtime | 2025-10-28 | 9.1 Critical |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests. | ||||
| CVE-2025-21059 | 1 Samsung | 1 Health | 2025-10-28 | 6.2 Medium |
| Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health. | ||||
| CVE-2025-26362 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.5 High |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests. | ||||
| CVE-2025-26363 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.5 High |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests. | ||||
| CVE-2025-26364 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.5 High |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests. | ||||
| CVE-2025-26365 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.5 High |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests. | ||||
| CVE-2025-26366 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.5 High |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests. | ||||
| CVE-2025-26370 | 1 Q-free | 1 Maxtime | 2025-10-28 | 7.1 High |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests. | ||||
| CVE-2025-26373 | 1 Q-free | 1 Maxtime | 2025-10-28 | 6.5 Medium |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | ||||
| CVE-2025-26377 | 1 Q-free | 1 Maxtime | 2025-10-28 | 8.1 High |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. | ||||
| CVE-2025-21060 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 5.5 Medium |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21061 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 7.1 High |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-47902 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-10-28 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | ||||