CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-42235
Critical

n8n is a workflow automation platform that prior to versions 1.123.32, 2.17.4, and 2.18.1 was vulnerable to an unauthenticated attacker registering a malicious OAuth client. After authorization by the victim, a malicious script could be executed in the victim's browser session.

CVE-2026-42796
Critical

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter. Attackers can supply a URL to a malicious Python file, leading to the download and execution of attacker-controlled code.

CVE-2026-42088
Critical

OpenC3 COSMOS prior to version 7.0.0-rc3 allows users to execute Python and Ruby scripts from the openc3-COSMOS-script-runner-api container. This enables bypassing API permissions checks and performing administrative actions, including modifying data in the Redis database.

CVE-2026-42087
Critical

In versions from 6.7.0 to before 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of OpenC3 COSMOS. The tsdb_lookup function in the cvt_model.rb file directly places user-supplied input into a SQL query without sanitizing the input, allowing arbitrary SQL commands to be executed.

CVE-2026-41571
Critical

The Note Mark note-taking application in version 0.19.2 has a vulnerability where the IsPasswordMatch function in the backend uses a hard-coded bcrypt("null") password for users without stored passwords. OIDC-registered users are created with an empty password, allowing anyone to obtain a valid session by submitting password: "null" to the internal login endpoint.

CVE-2026-42812
Critical

In Apache Iceberg, changing the `write.metadata.path` property in a table registered in a Polaris-managed catalog can bypass the storage location revalidation mechanism. This allows for potential unauthorized changes to the table's metadata.

CVE-2026-42811
Critical

Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket.

CVE-2026-42810
Critical

Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns.

CVE-2026-42809
Critical

Apache Polaris can issue broad temporary ('vended') storage credentials during staged table creation before the effective table location has been validated or durably reserved. An attacker can choose a reachable target location, leading to unauthorized access to table data and metadata.

CVE-2026-42376
Critical

D-Link DIR-456U Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot, allowing access to a root shell with full administrative control.

CVE-2026-42375
Critical

D-Link DIR-600L Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the default username 'Alphanetworks' and static password 'wrgn35_dlwbr_dir600l'.

CVE-2026-42374
Critical

D-Link DIR-600L Hardware Revision B1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn61_dlwbr_dir600L'.

CVE-2026-42373
Critical

D-Link DIR-605L Hardware Revision B2 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn76_dlwbr_dir605L'.

CVE-2026-42090
Critical

Notesnook has a stored XSS vulnerability that can lead to remote code execution in the desktop app. The issue arises from exported note fields being inserted into the HTML template without proper escaping.

CVE-2026-42076
Critical

Evolver is an AI self-evolving engine that prior to version 1.69.3 had a command injection vulnerability in the _extractLLM() function. This allows attackers to execute arbitrary shell commands on the server due to improper handling of parameters.

CVE-2026-42027
Critical

In Apache OpenNLP before versions 1.9.5, 2.5.9, and 3.0.0-M3, the ExtensionLoader.instantiateExtension() method loads a class by name from a model's manifest.properties, executing its static initializer before type checking. An attacker can supply a crafted model to trigger arbitrary class initialization, potentially leading to remote code execution.

CVE-2026-40682
Critical

An XML External Entity (XXE) vulnerability was found in Apache OpenNLP's DictionaryEntryPersistor class. The class initializes a SAX parser without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing, allowing an attacker to inject a malicious DOCTYPE declaration in a dictionary file. This can lead to local file disclosure (file://) or server-side request forgery (SSRF) during parsing.

CVE-2026-26956
CriticalEPSS 56%

vm2 version 3.10.4 contains a vulnerability allowing full sandbox escape and arbitrary code execution on the host. An attacker can obtain the host process object and run commands without any host cooperation.

CVE-2026-26332
Critical

A vulnerability in the vm2 library for Node.js allows attackers to escape the sandbox and execute arbitrary code via the SuppressedError mechanism. The issue is fixed in version 3.11.0.

CVE-2026-25293
Critical

Buffer overflow due to incorrect authorization in PLC firmware.

PreviousPage 89 of 559Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS