CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
An issue was discovered in Gambio version 4.9.2.0 that allows the password reset function to be bypassed, enabling arbitrary passwords to be set for arbitrary accounts if the account ID is known.
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded.
OpenClaw before version 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Eclipse Equinox OSGi version 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
CVE-2026-40797 describes an improper neutralization of special elements used in an SQL command, leading to the possibility of a Blind SQL Injection attack in the WebinarIgnition application.
A security flaw has been discovered in Totolink A8000RU version 7.1cu.643_b20200521. The function setAppFilterCfg in the file /cgi-bin/cstecgi.cgi is vulnerable to OS command injection through manipulation of the argument enable.
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files.
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function.
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.9.14. The issue arises from the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed.
Nginx UI, a web user interface for the Nginx web server, prior to version 2.3.8, exposed a backup restore endpoint (POST /api/restore) that was completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker could upload a crafted backup archive that overwrote the application's configuration file and SQLite database.
The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary due to insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters, leading to persistent payloads stored in NVRAM.
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the reboot_time function of the adm.cgi binary. This allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter.
The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary. This allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the set_time or StartSniffer functions.
The WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary, allowing unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter.
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can exploit unsanitized parameter handling in the set_wifi_basic and set_wifi_do_wps functions to achieve remote code execution without authentication.
n8n is a workflow automation platform that prior to versions 1.123.32, 2.17.4, and 2.18.1 was vulnerable to an unauthenticated attacker registering a malicious OAuth client. After authorization by the victim, a malicious script could be executed in the victim's browser session.
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter. Attackers can supply a URL to a malicious Python file, leading to the download and execution of attacker-controlled code.
OpenC3 COSMOS prior to version 7.0.0-rc3 allows users to execute Python and Ruby scripts from the openc3-COSMOS-script-runner-api container. This enables bypassing API permissions checks and performing administrative actions, including modifying data in the Redis database.
In versions from 6.7.0 to before 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of OpenC3 COSMOS. The tsdb_lookup function in the cvt_model.rb file directly places user-supplied input into a SQL query without sanitizing the input, allowing arbitrary SQL commands to be executed.

