Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-7000 — Datacom DM4100 VLAN Page cross site scripting

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads t…

Remote | Cross-Site Scripting
Apr 25, 2026
4.8 MEDIUM
CVE-2026-6999 — BIVOCOM TR321 Wireless Setting cross site scripting

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID cau…

Remote | Cross-Site Scripting
Apr 25, 2026
4.8 MEDIUM
CVE-2026-6998 — BDCOM P3310D New RMON Statistics cross site scripting

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cr…

Remote | Cross-Site Scripting
Apr 25, 2026
0.0 NA
CVE-2026-7001 — Datacom DM4100 Ethernet Configuration cross site scripting

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cros…

| Cross-Site Scripting
Apr 25, 2026
4.8 MEDIUM
CVE-2026-6997 — BDCOM P3310D New RMON History cross site scripting

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner l…

Remote | Cross-Site Scripting
Apr 25, 2026
4.8 MEDIUM
CVE-2026-6996 — BDCOM P3310D rmon event Tab cross site scripting

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can le…

Remote | Cross-Site Scripting
Apr 25, 2026
4.8 MEDIUM
CVE-2026-6995 — BDCOM P3310D New User index.asp cross site scripting

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipula…

Remote | Cross-Site Scripting
Apr 25, 2026
6.5 MEDIUM
CVE-2026-6994 — Envoy Query Parameter header_mutation.cc params.add injection

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Paramete…

Remote | Injection
Apr 25, 2026
5.5 MEDIUM
CVE-2026-6993 — go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. T…

Remote | Misconfiguration
Apr 25, 2026
8.3 HIGH
CVE-2026-6992 — Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command inje…

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. T…

Remote | Injection
Apr 25, 2026
6.5 MEDIUM
CVE-2026-6991 — colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Exec…

Remote | Injection
Apr 25, 2026
5.1 MEDIUM
CVE-2026-6990 — projeto-siga novo cross site scripting

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriçã…

Remote | Cross-Site Scripting
Apr 25, 2026
6.5 MEDIUM
CVE-2026-6989 — Tenda F453 Telnet Service telnet TendaTelnet command injection

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injecti…

Remote | Injection
Apr 25, 2026
9.0 HIGH
CVE-2026-6988 — Tenda HG10 Boa Service formRouting formRoute buffer overflow

A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the…

Remote | Memory Corruption
Apr 25, 2026
7.5 HIGH
CVE-2026-6987 — PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation result…

Remote | Injection
Apr 25, 2026
6.3 MEDIUM
CVE-2026-6986 — Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verific…

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Han…

mongoose | Remote | Cryptography
Apr 25, 2026
5.5 MEDIUM
CVE-2026-6985 — Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation…

mongoose | Remote | Denial of Service
Apr 25, 2026
5.8 MEDIUM
CVE-2026-6984 — AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a templ…

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The mani…

astrbot | Remote | Injection
Apr 25, 2026
5.8 MEDIUM
CVE-2026-6983 — pagekit download server-side request forgery

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url …

pagekit | Remote | Server-Side Request Forgery
Apr 25, 2026
6.5 MEDIUM
CVE-2026-6982 — star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cl…

showdoc | Remote | Injection
Apr 25, 2026
Showing 20 of 5815 Results