Lucene search
K

871 matches found

Cvelist
Cvelist
added 2026/02/16 5:32 a.m.39 views

CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

5.8CVSS0.2044EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8314

Name of the Vulnerable Software and Affected Versions Comfast CF-E4 version 2.6.0.1 Description A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file...

5.8CVSS5.1AI score0.2044EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.8 views

Comfast CF-E4 命令注入漏洞

The Comfast CF-E4 is a wireless router produced by Comfast Corporation. The Comfast CF-E4 2.6.0.1 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “timestr” in the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone within the...

7.2CVSS5.8AI score0.2044EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.7 views

CVE-2026-2203

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fastsettingwifiset of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is...

9CVSS5.6AI score0.00622EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 3:16 a.m.6 views

CVE-2026-2203

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fastsettingwifiset of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is...

9CVSS0.00622EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/09 2:2 a.m.3 views

CVE-2026-2203

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fastsettingwifiset of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is...

9CVSS8.2AI score0.00622EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.11 views

Tenda AC8 安全漏洞

The Tenda AC8 is a wireless router produced by the Chinese company Tenda. Version 16.03.33.05 of the Tenda AC8 contains a security vulnerability. This vulnerability stems from incorrect handling of the file/goform/fast-settingwifi-set parameter timeZone in the Embedded Httpd Service component,...

9CVSS7.7AI score0.00622EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.8 views

PT-2026-6986

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the Embedded Httpd Service component of Tenda AC8. The flaw is located in the file '/goform/fast setting wifi set' and is triggered by manipulating the timeZone...

9CVSS5.5AI score0.00622EPSS
Exploits1References8
Oracle linux
Oracle linux
added 2026/01/28 12:0 a.m.10 views

mariadb security update

1:5.5.68-1.0.1 - Fixes CVE-2025-13699, remote code execution via improper path validation Orabug: 38829265 - Fixes failing SSL and timezone tests...

7CVSS6.5AI score0.00414EPSS
Exploits0
OSV
OSV
added 2026/01/23 10:3 a.m.9 views

CLSA-2026-1769162597 mariadb: Fix of CVE-2025-13699

timezone-test-to-cet: change the timezone to CET to fix the test failure - CVE-2025-13699: fix directory traversal...

7CVSS7AI score0.00414EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 9:35 a.m.8 views

CLSA-2026-1768815310 mariadb: Fix of CVE-2025-13699

timezone-test-to-cet: change the timezone to CET to fix the test failure - CVE-2025-13699: fix directory traversal in mariadb-dump --tab by safely converting table and view names when generating output file paths...

7CVSS7AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 12:23 a.m.14 views

CVE-2025-70746

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS7.6AI score0.00401EPSS
Exploits1References1
OSV
OSV
added 2026/01/16 4:15 p.m.6 views

CVE-2025-70746

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS5.9AI score0.00401EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.9 views

PT-2026-3258

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS7.6AI score0.00401EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

Tenda AX1806 security vulnerabilities

The Tenda AX1806 is a WiFi6 wireless router produced by the Chinese company Tenda. The Tenda AX1806 v1.0.0.1 version has a security vulnerability. This vulnerability stems from a stack overflow in the timeZone parameter of the fromSetSysTime function, which may allow for a denial-of-service attac...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:0 a.m.3 views

CVE-2025-70746

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS5.5AI score0.00401EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/16 12:0 a.m.3 views

CVE-2025-70746

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.2AI score0.00401EPSS
Exploits1References1
CVE
CVE
added 2026/01/16 12:0 a.m.13 views

CVE-2025-70746

CVE-2025-70746 affects Tenda AX-1806 v1.0.0.1. The vulnerability is a stack overflow in the timeZone parameter of the fromSetSysTime function, which can cause a Denial of Service (DoS) when processing a crafted request. The connected sources describe the same issue but do not provide details on a...

7.5CVSS7.2AI score0.00401EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2026/01/16 12:0 a.m.185 views

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

9.3CVSS7.9AI score0.01457EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.6 views

CVE-2022-26991

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS8.6AI score0.02718EPSS
Exploits1References1
Rows per page
Query Builder