4.8
CVE-2026-6995 - BDCOM P3310D New User index.asp cross site scripting
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated remotelyโฆ
5.3
CVE-2026-6994 - Envoy Query Parameter header_mutation.cc params.add injection
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch โฆ
6.9
CVE-2026-6993 - go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The exploitโฆ
8.6
CVE-2026-6992 - Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotโฆ
5.3
CVE-2026-6991 - colinhacks Zod CUID Data Type regexes.ts sql injection
A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit hasโฆ
5.1
CVE-2026-6990 - projeto-siga novo cross site scripting
A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriรงรฃo results in cross site scripting. The attack can be initiated remotely. The exploit has been made pโฆ
5.3
CVE-2026-6989 - Tenda F453 Telnet Service telnet TendaTelnet command injection
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and mโฆ
8.7
CVE-2026-6988 - Tenda HG10 Boa Service formRouting formRoute buffer overflow
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploiโฆ
6.9
CVE-2026-6987 - PicoClaw Web Launcher Management Plane restart command injection
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of โฆ
6.3
CVE-2026-6986 - Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may beโฆ