Search

Expected end of text, found '.' (at char 9), (line:1, col:10)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (316040 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38226 1 Microsoft 3 Office 2019, Office Long Term Servicing Channel, Publisher 2025-10-28 7.3 High
Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2025-26352 1 Q-free 1 Maxtime 2025-10-28 6.5 Medium
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
CVE-2025-26353 1 Q-free 1 Maxtime 2025-10-28 4.9 Medium
A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVE-2025-26354 1 Q-free 1 Maxtime 2025-10-28 7.2 High
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
CVE-2025-26355 1 Q-free 1 Maxtime 2025-10-28 6.5 Medium
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.
CVE-2025-26356 1 Q-free 1 Maxtime 2025-10-28 7.2 High
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests.
CVE-2025-26357 1 Q-free 1 Maxtime 2025-10-28 4.9 Medium
A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.
CVE-2025-26358 1 Q-free 1 Maxtime 2025-10-28 5.5 Medium
A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.
CVE-2025-26359 1 Q-free 1 Maxtime 2025-10-28 9.8 Critical
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests.
CVE-2025-26360 1 Q-free 1 Maxtime 2025-10-28 5.3 Medium
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests.
CVE-2025-26361 1 Q-free 1 Maxtime 2025-10-28 9.1 Critical
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.
CVE-2025-21059 1 Samsung 1 Health 2025-10-28 6.2 Medium
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.
CVE-2025-26362 1 Q-free 1 Maxtime 2025-10-28 7.5 High
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.
CVE-2025-26363 1 Q-free 1 Maxtime 2025-10-28 7.5 High
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests.
CVE-2025-26364 1 Q-free 1 Maxtime 2025-10-28 7.5 High
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests.
CVE-2025-26365 1 Q-free 1 Maxtime 2025-10-28 7.5 High
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests.
CVE-2025-26366 1 Q-free 1 Maxtime 2025-10-28 7.5 High
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests.
CVE-2025-26370 1 Q-free 1 Maxtime 2025-10-28 7.1 High
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
CVE-2025-26373 1 Q-free 1 Maxtime 2025-10-28 6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26377 1 Q-free 1 Maxtime 2025-10-28 8.1 High
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.