CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-5722
Critical

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.9.14. The issue arises from the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed.

CVE-2026-42238
Critical

Nginx UI, a web user interface for the Nginx web server, prior to version 2.3.8, exposed a backup restore endpoint (POST /api/restore) that was completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker could upload a crafted backup archive that overwrote the application's configuration file and SQLite database.

CVE-2026-41926
Critical

The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary due to insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters, leading to persistent payloads stored in NVRAM.

CVE-2026-41925
Critical

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the reboot_time function of the adm.cgi binary. This allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter.

CVE-2026-41924
Critical

The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary. This allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the set_time or StartSniffer functions.

CVE-2026-41923
Critical

The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary, allowing unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter.

CVE-2026-41922
Critical

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can exploit unsanitized parameter handling in the set_wifi_basic and set_wifi_do_wps functions to achieve remote code execution without authentication.

CVE-2026-42235
Critical

n8n is a workflow automation platform that prior to versions 1.123.32, 2.17.4, and 2.18.1 was vulnerable to an unauthenticated attacker registering a malicious OAuth client. After authorization by the victim, a malicious script could be executed in the victim's browser session.

CVE-2026-42796
Critical

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter. Attackers can supply a URL to a malicious Python file, leading to the download and execution of attacker-controlled code.

CVE-2026-42088
Critical

OpenC3 COSMOS prior to version 7.0.0-rc3 allows users to execute Python and Ruby scripts from the openc3-COSMOS-script-runner-api container. This enables bypassing API permissions checks and performing administrative actions, including modifying data in the Redis database.

CVE-2026-42087
Critical

In versions from 6.7.0 to before 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of OpenC3 COSMOS. The tsdb_lookup function in the cvt_model.rb file directly places user-supplied input into a SQL query without sanitizing the input, allowing arbitrary SQL commands to be executed.

CVE-2026-41571
Critical

The Note Mark note-taking application in version 0.19.2 has a vulnerability where the IsPasswordMatch function in the backend uses a hard-coded bcrypt("null") password for users without stored passwords. OIDC-registered users are created with an empty password, allowing anyone to obtain a valid session by submitting password: "null" to the internal login endpoint.

CVE-2026-42812
Critical

In Apache Iceberg, changing the `write.metadata.path` property in a table registered in a Polaris-managed catalog can bypass the storage location revalidation mechanism. This allows for potential unauthorized changes to the table's metadata.

CVE-2026-42811
Critical

Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket.

CVE-2026-42810
Critical

Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns.

CVE-2026-42809
Critical

Apache Polaris can issue broad temporary ('vended') storage credentials during staged table creation before the effective table location has been validated or durably reserved. An attacker can choose a reachable target location, leading to unauthorized access to table data and metadata.

CVE-2026-42376
Critical

D-Link DIR-456U Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot, allowing access to a root shell with full administrative control.

CVE-2026-42375
Critical

D-Link DIR-600L Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the default username 'Alphanetworks' and static password 'wrgn35_dlwbr_dir600l'.

CVE-2026-42374
Critical

D-Link DIR-600L Hardware Revision B1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn61_dlwbr_dir600L'.

CVE-2026-42373
Critical

D-Link DIR-605L Hardware Revision B2 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn76_dlwbr_dir605L'.

PreviousPage 85 of 543Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS