CVE-2025-26357

MEDIUM Year: 2025
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-35
View all →

Vulnerability Description

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

Related Vulnerabilities

CVE-2021-1282

MEDIUM
CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1364

MEDIUM
CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2024-52390

MEDIUM
CVSS:4.9(Medium)

: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.

CWE-352024

CVE-2025-26351

MEDIUM
CVSS:4.9(Medium)

A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP req...

CWE-352025

CVE-2025-26353

MEDIUM
CVSS:4.9(Medium)

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

CWE-352025

CVE-2025-27274

MEDIUM
CVSS:4.9(Medium)

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11.

CWE-352025