| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6989 | Tenda F453 Telnet Service telnet TendaTelnet command injection | Tenda | F453 | Medium | 6.3 | 2026-04-25 17:15:18 | Deep Dive |
| CVE-2026-6988 | Tenda HG10 Boa Service formRouting formRoute buffer overflow | Tenda | HG10 | High | 8.8 | 2026-04-25 17:00:24 | Deep Dive |
| CVE-2026-6987 | PicoClaw Web Launcher Management Plane restart command injection | - | PicoClaw | High | 7.3 | 2026-04-25 16:45:10 | Deep Dive |
| CVE-2026-6986 | Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification | Cesanta | Mongoose | Low | 3.7 | 2026-04-25 16:30:13 | Deep Dive |
| CVE-2026-6985 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop | Cesanta | Mongoose | Medium | 5.3 | 2026-04-25 16:15:14 | Deep Dive |
| CVE-2026-6984 | AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine | AstrBotDevs | AstrBot | Medium | 4.7 | 2026-04-25 15:30:25 | Deep Dive |
| CVE-2026-6983 | pagekit download server-side request forgery | - | pagekit | Medium | 4.7 | 2026-04-25 15:15:17 | Deep Dive |
| CVE-2026-6982 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection | star7th | ShowDoc | Medium | 6.3 | 2026-04-25 14:30:23 | Deep Dive |
| CVE-2026-6981 | IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery | IhateCreatingUserNames2 | AiraHub2 | Medium | 6.3 | 2026-04-25 14:15:13 | Deep Dive |
| CVE-2026-6980 | Divyanshu-hash GitPilot-MCP main.py repo_path command injection | Divyanshu-hash | GitPilot-MCP | High | 7.3 | 2026-04-25 13:00:15 | Deep Dive |
| CVE-2026-6979 | devlikeapro WAHA API Request media.controller.ts server-side request forgery | devlikeapro | WAHA | Medium | 6.3 | 2026-04-25 12:00:21 | Deep Dive |
| CVE-2026-6978 | JiZhiCMS addcache.html htmlspecialchars_decode sql injection | - | JiZhiCMS | Medium | 4.7 | 2026-04-25 11:45:15 | Deep Dive |
| CVE-2026-6977 | vanna-ai vanna Legacy Flask API improper authorization | vanna-ai | vanna | High | 7.3 | 2026-04-25 10:15:14 | Deep Dive |
| CVE-2026-31685 | netfilter: ip6t_eui64: reject invalid MAC header for all packets | Linux | Linux | - | - | 2026-04-25 08:47:03 | Deep Dive |
| CVE-2026-31684 | net: sched: act_csum: validate nested VLAN headers | Linux | Linux | - | - | 2026-04-25 08:47:02 | Deep Dive |
| CVE-2026-31683 | batman-adv: avoid OGM aggregation when skb tailroom is insufficient | Linux | Linux | - | - | 2026-04-25 08:47:00 | Deep Dive |
| CVE-2026-31682 | bridge: br_nd_send: linearize skb before parsing ND options | Linux | Linux | - | - | 2026-04-25 08:46:59 | Deep Dive |
| CVE-2026-31681 | netfilter: xt_multiport: validate range encoding in checkentry | Linux | Linux | - | - | 2026-04-25 08:46:58 | Deep Dive |
| CVE-2026-31680 | net: ipv6: flowlabel: defer exclusive option free until RCU teardown | Linux | Linux | - | - | 2026-04-25 08:46:57 | Deep Dive |
| CVE-2026-31679 | openvswitch: validate MPLS set/set_masked payload length | Linux | Linux | - | - | 2026-04-25 08:46:56 | Deep Dive |