CVE-2026-6998

CVE-2026-6998 affects BDCOM P3310D version 0.4.2, build 10.1.0F (86345). The vulnerability targets an unknown function within the New RMON Statistics Page, where manipulating the Owner argument triggers a cross-site scripting (XSS) flaw. The attack is described as executable remotely, and public ...

CVE-2026-6997 BDCOM P3310D New RMON History cross site scripting

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-6996 BDCOM P3310D rmon event Tab cross site scripting

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

CVE-2026-6996 BDCOM P3310D rmon event Tab cross site scripting

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

EUVD-2026-25672

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

CVE-2026-6994

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6995

CVE-2026-6995 concerns BDCOM P3310D (firmware 0.4.2, 10.1.0F Build 86345) and its /index.asp New User Page. The vulnerability arises from manipulating the User name argument, enabling cross-site scripting (XSS). The issue is exploitable remotely and public exploits exist. Documented impact is lim...

EUVD-2026-25671

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

CVE-2026-6995 BDCOM P3310D New User index.asp cross site scripting

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

PicoClaw has an Injection issue in its Web Launcher Management Plane component

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

EUVD-2026-25669

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVE-2026-6992

CVE-2026-6992 affects Linksys MR9600 (firmware 2.0.6.206937). The vulnerability lies in BTRequestGetSmartConnectStatus within /etc/init.d/run_central2.sh (JNAP Action Handler), where manipulating the argument pin enables OS command injection. The attack can be initiated remotely and public exploi...

EUVD-2026-25667

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVE-2026-6991

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVE-2026-6991 colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVE-2026-6991

The CVE concerns colinhacks Zod up to 4.3.6, specifically the CUID Data Type Handler in packages/zod/src/v4/core/regexes.ts. The vulnerability arises from a manipulated input to an unknown function, enabling SQL injection. It is a remote attack and exploitation is indicated by public disclosures ...