CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

868 matches found

NVD•added 2026/03/20 2:16 a.m.•3 views

CVE-2026-4466

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...

5.8CVSS0.02479EPSS

Exploits0References4

Cvelist•added 2026/03/20 2:2 a.m.•23 views

CVE-2026-4466 Comfast CF-AC100 mbox-config command injection

5.8CVSS0.02479EPSS

Exploits0References4

CVE•added 2026/03/20 2:2 a.m.•4 views

CVE-2026-4466

Summary: CVE-2026-4466 affects Comfast CF-AC100 2.6.0.8. The issue arises in an unknown function within the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone, where manipulation enables a command injection . Impact described: remote code execution is possible, with exploitation disclosed ...

5.8CVSS5.3AI score0.02479EPSS

Exploits0References4

RedhatCVE•added 2026/02/21 7:27 a.m.•5 views

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be...

8.8CVSS6.3AI score0.13049EPSS

Exploits1References1

OSV•added 2026/02/20 5:17 a.m.•4 views

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

8.8CVSS5.6AI score0.13049EPSS

Exploits1References4

NVD•added 2026/02/20 5:17 a.m.•11 views

CVE-2026-2823

8.8CVSS0.13049EPSS

Exploits1References4

Cvelist•added 2026/02/20 5:2 a.m.•28 views

CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection

6.5CVSS0.13049EPSS

Exploits1References4

Vulnrichment•added 2026/02/20 5:2 a.m.•4 views

CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection

6.5CVSS5.4AI score0.13049EPSS

Exploits1References4

CVE•added 2026/02/20 5:2 a.m.•15 views

CVE-2026-2823

CVE-2026-2823 affects Comfast CF-E7 with firmware 2.6.0.9. The vulnerability lies in the webmgmt component, specifically the function sub_41ACCC in /cgi-bin/mbox-config?method=SET&section=ntp_timezone, where manipulating the timestr argument results in a remote command-injection. The vulnerabilit...

8.8CVSS6.4AI score0.13049EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/20 12:0 a.m.•11 views

PT-2026-20999

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub 41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible...

6.5CVSS5.4AI score0.13049EPSS

Exploits1References5

RedhatCVE•added 2026/02/19 7:21 p.m.•3 views

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS5.5AI score0.00248EPSS

Exploits0References1

NVD•added 2026/02/18 6:24 p.m.•8 views

CVE-2026-20139

4.3CVSS0.00248EPSS

Exploits0References1

Cvelist•added 2026/02/18 4:45 p.m.•21 views

CVE-2026-20139 Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise

4.3CVSS0.00248EPSS

Exploits0References1

CVE•added 2026/02/18 4:45 p.m.•13 views

CVE-2026-20139

CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...

4.3CVSS5.5AI score0.00248EPSS

Exploits0References1Affected Software2

ATTACKERKB•added 2026/02/18 4:45 p.m.•4 views

CVE-2026-20139

4.3CVSS5.5AI score0.00248EPSS

Exploits0References2Affected Software2

RedhatCVE•added 2026/02/17 7:28 a.m.•9 views

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely...

7.2CVSS5.5AI score0.15386EPSS

Exploits1References1

EUVD•added 2026/02/16 6:31 a.m.•8 views

EUVD-2026-6124

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

5.8CVSS5.5AI score0.15386EPSS

Exploits1References5

OSV•added 2026/02/16 6:16 a.m.•2 views

CVE-2026-2537

7.2CVSS5.7AI score

Exploits0References4

ATTACKERKB•added 2026/02/16 5:32 a.m.•2 views

CVE-2026-2537

5.8CVSS5.5AI score0.15386EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/16 5:32 a.m.•36 views

CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection