CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
n8n is a workflow automation platform that prior to versions 1.123.32, 2.17.4, and 2.18.1 was vulnerable to an unauthenticated attacker registering a malicious OAuth client. After authorization by the victim, a malicious script could be executed in the victim's browser session.
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter. Attackers can supply a URL to a malicious Python file, leading to the download and execution of attacker-controlled code.
OpenC3 COSMOS prior to version 7.0.0-rc3 allows users to execute Python and Ruby scripts from the openc3-COSMOS-script-runner-api container. This enables bypassing API permissions checks and performing administrative actions, including modifying data in the Redis database.
In versions from 6.7.0 to before 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of OpenC3 COSMOS. The tsdb_lookup function in the cvt_model.rb file directly places user-supplied input into a SQL query without sanitizing the input, allowing arbitrary SQL commands to be executed.
The Note Mark note-taking application in version 0.19.2 has a vulnerability where the IsPasswordMatch function in the backend uses a hard-coded bcrypt("null") password for users without stored passwords. OIDC-registered users are created with an empty password, allowing anyone to obtain a valid session by submitting password: "null" to the internal login endpoint.
In Apache Iceberg, changing the `write.metadata.path` property in a table registered in a Polaris-managed catalog can bypass the storage location revalidation mechanism. This allows for potential unauthorized changes to the table's metadata.
Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket.
Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns.
Apache Polaris can issue broad temporary ('vended') storage credentials during staged table creation before the effective table location has been validated or durably reserved. An attacker can choose a reachable target location, leading to unauthorized access to table data and metadata.
D-Link DIR-456U Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot, allowing access to a root shell with full administrative control.
D-Link DIR-600L Hardware Revision A1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the default username 'Alphanetworks' and static password 'wrgn35_dlwbr_dir600l'.
D-Link DIR-600L Hardware Revision B1 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn61_dlwbr_dir600L'.
D-Link DIR-605L Hardware Revision B2 contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot with the username 'Alphanetworks' and the static password 'wrgn76_dlwbr_dir605L'.
Notesnook has a stored XSS vulnerability that can lead to remote code execution in the desktop app. The issue arises from exported note fields being inserted into the HTML template without proper escaping.
Evolver is an AI self-evolving engine that prior to version 1.69.3 had a command injection vulnerability in the _extractLLM() function. This allows attackers to execute arbitrary shell commands on the server due to improper handling of parameters.
In Apache OpenNLP before versions 1.9.5, 2.5.9, and 3.0.0-M3, the ExtensionLoader.instantiateExtension() method loads a class by name from a model's manifest.properties, executing its static initializer before type checking. An attacker can supply a crafted model to trigger arbitrary class initialization, potentially leading to remote code execution.
An XML External Entity (XXE) vulnerability was found in Apache OpenNLP's DictionaryEntryPersistor class. The class initializes a SAX parser without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing, allowing an attacker to inject a malicious DOCTYPE declaration in a dictionary file. This can lead to local file disclosure (file://) or server-side request forgery (SSRF) during parsing.
vm2 version 3.10.4 contains a vulnerability allowing full sandbox escape and arbitrary code execution on the host. An attacker can obtain the host process object and run commands without any host cooperation.
A vulnerability in the vm2 library for Node.js allows attackers to escape the sandbox and execute arbitrary code via the SuppressedError mechanism. The issue is fixed in version 3.11.0.
Buffer overflow due to incorrect authorization in PLC firmware.

