| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6997 | BDCOM P3310D New RMON History cross site scripting | BDCOM | P3310D | Low | 2.4 | 2026-04-25 20:00:19 | Deep Dive |
| CVE-2026-6996 | BDCOM P3310D rmon event Tab cross site scripting | BDCOM | P3310D | Low | 2.4 | 2026-04-25 19:45:12 | Deep Dive |
| CVE-2026-6995 | BDCOM P3310D New User index.asp cross site scripting | BDCOM | P3310D | Low | 2.4 | 2026-04-25 19:15:14 | Deep Dive |
| CVE-2026-6994 | Envoy Query Parameter header_mutation.cc params.add injection | - | Envoy | Medium | 6.3 | 2026-04-25 19:00:19 | Deep Dive |
| CVE-2026-6993 | go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy | go-kratos | kratos | Medium | 5.3 | 2026-04-25 18:30:16 | Deep Dive |
| CVE-2026-6992 | Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection | Linksys | MR9600 | High | 7.2 | 2026-04-25 18:00:20 | Deep Dive |
| CVE-2026-6991 | colinhacks Zod CUID Data Type regexes.ts sql injection | colinhacks | Zod | Medium | 6.3 | 2026-04-25 17:45:14 | Deep Dive |
| CVE-2026-6990 | projeto-siga novo cross site scripting | projeto-siga | siga | Low | 3.5 | 2026-04-25 17:30:16 | Deep Dive |
| CVE-2026-6989 | Tenda F453 Telnet Service telnet TendaTelnet command injection | Tenda | F453 | Medium | 6.3 | 2026-04-25 17:15:18 | Deep Dive |
| CVE-2026-6988 | Tenda HG10 Boa Service formRouting formRoute buffer overflow | Tenda | HG10 | High | 8.8 | 2026-04-25 17:00:24 | Deep Dive |
| CVE-2026-6987 | PicoClaw Web Launcher Management Plane restart command injection | - | PicoClaw | High | 7.3 | 2026-04-25 16:45:10 | Deep Dive |
| CVE-2026-6986 | Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification | Cesanta | Mongoose | Low | 3.7 | 2026-04-25 16:30:13 | Deep Dive |
| CVE-2026-6985 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop | Cesanta | Mongoose | Medium | 5.3 | 2026-04-25 16:15:14 | Deep Dive |
| CVE-2026-6984 | AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine | AstrBotDevs | AstrBot | Medium | 4.7 | 2026-04-25 15:30:25 | Deep Dive |
| CVE-2026-6983 | pagekit download server-side request forgery | - | pagekit | Medium | 4.7 | 2026-04-25 15:15:17 | Deep Dive |
| CVE-2026-6982 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection | star7th | ShowDoc | Medium | 6.3 | 2026-04-25 14:30:23 | Deep Dive |
| CVE-2026-6981 | IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery | IhateCreatingUserNames2 | AiraHub2 | Medium | 6.3 | 2026-04-25 14:15:13 | Deep Dive |
| CVE-2026-6980 | Divyanshu-hash GitPilot-MCP main.py repo_path command injection | Divyanshu-hash | GitPilot-MCP | High | 7.3 | 2026-04-25 13:00:15 | Deep Dive |
| CVE-2026-6979 | devlikeapro WAHA API Request media.controller.ts server-side request forgery | devlikeapro | WAHA | Medium | 6.3 | 2026-04-25 12:00:21 | Deep Dive |
| CVE-2026-6978 | JiZhiCMS addcache.html htmlspecialchars_decode sql injection | - | JiZhiCMS | Medium | 4.7 | 2026-04-25 11:45:15 | Deep Dive |