8.6

CVSS4.0

CVE-2026-6992 - Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remot…

πŸ“… Published: April 25, 2026, 6 p.m. πŸ”„ Last Modified: April 25, 2026, 6 p.m.

5.3

CVSS4.0

CVE-2026-6991 - colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has…

πŸ“… Published: April 25, 2026, 5:45 p.m. πŸ”„ Last Modified: April 25, 2026, 5:45 p.m.

5.1

CVSS4.0

CVE-2026-6990 - projeto-siga novo cross site scripting

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/DescriΓ§Γ£o results in cross site scripting. The attack can be initiated remotely. The exploit has been made p…

πŸ“… Published: April 25, 2026, 5:30 p.m. πŸ”„ Last Modified: April 25, 2026, 5:30 p.m.

5.3

CVSS4.0

CVE-2026-6989 - Tenda F453 Telnet Service telnet TendaTelnet command injection

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m…

πŸ“… Published: April 25, 2026, 5:15 p.m. πŸ”„ Last Modified: April 25, 2026, 5:15 p.m.

8.7

CVSS4.0

CVE-2026-6988 - Tenda HG10 Boa Service formRouting formRoute buffer overflow

A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploi…

πŸ“… Published: April 25, 2026, 5 p.m. πŸ”„ Last Modified: April 25, 2026, 5 p.m.

6.9

CVSS4.0

CVE-2026-6987 - PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of …

πŸ“… Published: April 25, 2026, 4:45 p.m. πŸ”„ Last Modified: April 25, 2026, 4:45 p.m.

6.3

CVSS4.0

CVE-2026-6986 - Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be…

πŸ“… Published: April 25, 2026, 4:30 p.m. πŸ”„ Last Modified: April 25, 2026, 4:30 p.m.

6.9

CVSS4.0

CVE-2026-6985 - Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The…

πŸ“… Published: April 25, 2026, 4:15 p.m. πŸ”„ Last Modified: April 25, 2026, 4:15 p.m.

5.1

CVSS4.0

CVE-2026-6984 - AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attac…

πŸ“… Published: April 25, 2026, 3:30 p.m. πŸ”„ Last Modified: April 25, 2026, 3:30 p.m.

5.1

CVSS4.0

CVE-2026-6983 - pagekit download server-side request forgery

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is …

πŸ“… Published: April 25, 2026, 3:15 p.m. πŸ”„ Last Modified: April 25, 2026, 3:15 p.m.
Total resulsts: 346554
Page 2 of 34,656
Β« previous page Β» next page
Filters