CVE-2026-39987
Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Wednesday's brief is led by Eclipse BaSyx and Equinox OSGi flaws alongside multiple WordPress and D-Link router vulnerabilities, with the OpenCTI threat-intelligence platform and the EFM ipTIME NAS also exposed to unauthenticated attack paths. Critical CVEs dropped 57% to 15 while high-priority disclosures rose 51% to 98, a shift toward broader mid-tier exposure. Standout issues include CVE-2026-7411 (CVSS 10) in the Eclipse BaSyx Java Server SDK, CVE-2026-5294 affecting WordPress, and CVE-2026-7853/7854 in D-Link DI series routers. Remote code execution and authentication bypass dominate the set, with web platforms, network edge devices, and industrial software bearing most of the impact. Patch availability is reported at 0% across the disclosed set, so defenders should prioritize compensating controls and exposure reduction. Eight CVEs are listed in CISA KEV, including Samsung MagicINFO, SimpleHelp, and ConnectWise ScreenConnect.
Immediate action: prioritize exposure assessment for Eclipse BaSyx and Equinox OSGi deployments, WordPress installations, and internet-facing D-Link DI routers, EFM ipTIME NAS units, and OpenCTI instances. With no patches currently available for the disclosed critical CVEs, apply network segmentation, WAF rules, and access restrictions while monitoring vendor advisories; separately, confirm that the KEV-listed Samsung MagicINFO, SimpleHelp, and ConnectWise ScreenConnect systems have already been remediated.
Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
Samsung MagicINFO 9 Server Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Missing Authorization Vulnerability - Active in CISA KEV catalog.
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
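The brief above tells defenders to treat KEV-listed items as already-due work and to rank the rest by exposure. The script below is an added example written for this page, not the site's tooling or CISA's; it joins an asset inventory against a feed in the shape of the CISA KEV JSON (the `vulnerabilities[].cveID`, `dueDate` and `knownRansomwareCampaignUse` keys are those of the published feed) and orders the work the way the brief describes. The KEV entries, CVE identifiers and inventory rows are constructed placeholders, not real data.

```javascript
// Added example (not the site's or CISA's code): triage an inventory
// against a KEV-shaped feed. KEV first (ransomware-linked entries and the
// earliest due dates ahead), then internet-facing non-KEV items by CVSS,
// then everything else. All records below are constructed placeholders.

const KEV_SAMPLE = {          // constructed; same keys as the real KEV JSON
  vulnerabilities: [
    { cveID: 'CVE-0000-0001', vendorProject: 'VendorA', product: 'RemoteSupport',
      vulnerabilityName: 'Path Traversal', dateAdded: '2026-04-01',
      dueDate: '2026-04-22', knownRansomwareCampaignUse: 'Known' },
    { cveID: 'CVE-0000-0002', vendorProject: 'VendorB', product: 'Router',
      vulnerabilityName: 'Command Injection', dateAdded: '2026-04-10',
      dueDate: '2026-05-01', knownRansomwareCampaignUse: 'Unknown' },
  ],
};

const INVENTORY = [           // constructed: what a scanner export might look like
  { asset: 'router-edge-1', cve: 'CVE-0000-0002', cvss: 8.8, internetFacing: true },
  { asset: 'wp-marketing',  cve: 'CVE-0000-0003', cvss: 9.8, internetFacing: true },
  { asset: 'support-vm',    cve: 'CVE-0000-0001', cvss: 7.5, internetFacing: false },
  { asset: 'build-box',     cve: 'CVE-0000-0004', cvss: 9.1, internetFacing: false },
];

// Index the feed by CVE id for O(1) membership checks.
function kevIndex(feed) {
  return new Map(feed.vulnerabilities.map((v) => [v.cveID, v]));
}

// Tier 0: in KEV. Tier 1: internet-facing but not in KEV. Tier 2: the rest.
function compareRows(a, b) {
  if (a.tier !== b.tier) return a.tier - b.tier;
  if (a.tier === 0) {
    if (a.ransomware !== b.ransomware) return a.ransomware ? -1 : 1;
    if (a.dueDate !== b.dueDate) return a.dueDate < b.dueDate ? -1 : 1;
  }
  return b.cvss - a.cvss;             // within a tier, highest CVSS first
}

function prioritize(inventory, feed) {
  const kev = kevIndex(feed);
  return inventory
    .map((item) => {
      const entry = kev.get(item.cve);
      return {
        ...item,
        tier: entry ? 0 : item.internetFacing ? 1 : 2,
        dueDate: entry ? entry.dueDate : null,
        ransomware: entry ? entry.knownRansomwareCampaignUse === 'Known' : false,
      };
    })
    .sort(compareRows);
}

// Note the result: the CVSS 7.5 KEV item on an internal host outranks
// the CVSS 9.8 internet-facing item that is not in KEV.
console.log(prioritize(INVENTORY, KEV_SAMPLE));
```

To run this against the live feed, fetch the KEV JSON from cisa.gov and pass the parsed object in place of `KEV_SAMPLE`; the comparator does not change.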
The Eclipse BaSyx Java Server SDK is vulnerable to path traversal via the Submodel HTTP API, potentially leading to Remote Code Execution.
The Geeky Bot plugin for WordPress contains a missing authorization vulnerability that allows unauthenticated attackers to achieve remote code execution via arbitrary plugin installation.
Eclipse Equinox OSGi versions 3.8 through 3.18 are vulnerable to unauthenticated remote code execution via the console interface's fork command.
An authentication bypass vulnerability in MoreConvert Pro for WordPress allows unauthenticated attackers to hijack administrator accounts by manipulating email verification tokens.
The Mentoring plugin for WordPress contains a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators.
D-Link DI-8100 is vulnerable to a remote buffer overflow caused by an unchecked `sprintf` call in the HTTP handler for `/auto_reboot.asp`.
A buffer overflow in the D-Link DI-8100 POST parameter handler for `url_rule.asp` allows remote attackers to execute arbitrary code.
Eclipse Equinox OSGi version 3.7.2 and earlier contains a remote code execution vulnerability allowing unauthenticated attackers to execute commands via the console interface.
The EFM ipTIME NAS1dual device is vulnerable to a remote stack-based buffer overflow via the `get_csrf_whites` function in `misc_main.cgi`.
OpenCTI contains a privilege escalation vulnerability allowing unauthenticated attackers to query the API as any user, including the default administrator.
A remote OS command injection vulnerability in the Totolink A8000RU allows unauthenticated attackers to execute arbitrary commands via the `setAppFilterCfg` function.
The GoAhead web server on MeiG Smart FORGE_SLT711 devices allows unauthenticated remote attackers to perform OS command injection via the /action/SetRemoteAccessCfg endpoint.
Saleswonder LLC's WebinarIgnition plugin for WordPress is vulnerable to Blind SQL Injection, allowing unauthenticated attackers to extract database information.
OpenClaw contains a privilege escalation vulnerability where heartbeat owner downgrade logic incorrectly skips webhook wake events, allowing attackers to maintain elevated privileges.
OpenClaw contains an input validation vulnerability allowing external hook metadata to be enqueued as trusted system events, leading to privilege escalation.
OOM denial of service via unbounded array allocation in Apache OpenNLP AbstractModelReader. Versions affected: before 2
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store, potentially allowing local users to gain elevated system rights.
Prometheus, an open-source monitoring system, is affected by a security vulnerability that may impact its time-series database and monitoring operations.
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool)
Conditional Fields for Contact Form 7 WordPress plugin through version 2
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1
Nginx UI is a web user interface for the Nginx web server
Nginx UI is a web user interface for the Nginx web server
The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4
The GeekyBot – Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3
OpenClaw is affected by a security vulnerability; the listing gives no further detail.
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28
In Eclipse BaSyx Java Server SDK versions prior to 2
An escalation of privilege bug in various modules in Apache HTTP 2
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2
Easy PayPal Events & Tickets plugin for WordPress version 1
Easy PayPal Events & Tickets plugin for WordPress versions 1
Prometheus is an open-source monitoring system and time series database
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1
WordPress Plugin Backup Migration 1
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and including, 5
Buffer Over-read vulnerability in Apache HTTP Server
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings
A vulnerability exists in the Realtek rtl819x Jungle SDK affecting the rtl8192cd Wi-Fi kernel driver, which may allow for unauthorized system impact.
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc
OpenSTAManager version 2
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS
In adbd_tls_verify_cert of auth
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor
A vulnerability was detected in D-Link DI-8100 16
Boundary Community Edition and Boundary Enterprise ("Boundary") workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2
A flaw was found in the AAP gateway
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level
OpenClaw versions 2026
A vulnerability was identified in D-Link DI-8100 16
A flaw has been found in D-Link DI-8100 16
A vulnerability has been found in D-Link DI-8100 16
A weakness has been identified in Totolink N300RH 3
A security vulnerability has been detected in Totolink N300RH 3
A vulnerability was detected in Totolink N300RH 3
NetBox versions 4
Frappe Framework ERPNext 13
ERPGo SaaS 3
OpenClaw versions 2026
OpenClaw versions from 2026
OpenClaw before 2026
OpenClaw before 2026
PPTAgent is an agentic framework for reflective PowerPoint generation
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
Evolver is a GEP-powered self-evolving engine for AI agents
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems
IKUS Rdiffweb before 2
In ProFTPD through 1
An issue in Lymphatus caesium-image-compressor, all versions up to and including commit 02da2c6, allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions
Memory corruption when processing camera sensor input/output control codes with invalid output buffers
Memory corruption when another driver calls an IOCTL with invalid input/output buffer
Memory Corruption when copying data from a freed source while executing performance counter deselect operation
OpenClaw before 2026
OpenClaw versions 2026
OpenClaw before 2026
OpenClaw before 2026
An issue was discovered in idrac in OpenStack Ironic before 35
An issue in Assimp v
An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp
An integer underflow in FRRouting (FRR) stable/10
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy
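The accepts-serializer entry above is a memory-exhaustion pattern rather than a parsing bug: a cache keyed by an attacker-controlled header with no bound grows by one entry per distinct value the client chooses to send. The JavaScript below is an added example written for this page, not @fastify/accepts-serializer's code; it reimplements a small Accept-header negotiator, puts the unbounded cache next to a bounded LRU with a key-length cap, and floods both. `SUPPORTED`, the class names and the synthetic header values are constructed for illustration.

```javascript
// Added example (not @fastify/accepts-serializer code): caching a
// content-negotiation result keyed by the raw Accept header. The unbounded
// variant grows without limit under attacker-chosen headers; the bounded
// variant caps both entry count and key size. Inputs are constructed.

const SUPPORTED = ['application/json', 'text/plain'];  // assumed server types

// Parse "type;q=0.8, type2" into [{type, q}] sorted by q descending.
function parseAccept(header) {
  return header.split(',')
    .map((part) => {
      const [type, ...params] = part.trim().split(';').map((s) => s.trim());
      const qParam = params.find((p) => p.startsWith('q='));
      const q = qParam ? Number(qParam.slice(2)) : 1;
      return { type, q: Number.isFinite(q) ? q : 0 };
    })
    .filter((e) => e.type && e.q > 0)       // q=0 means "not acceptable"
    .sort((a, b) => b.q - a.q);
}

// First supported media type the client accepts (handles */* and type/*), or null.
function selectSerializer(accept) {
  for (const { type } of parseAccept(accept)) {
    if (type === '*/*') return SUPPORTED[0];
    const match = SUPPORTED.find((s) =>
      s === type || (type.endsWith('/*') && s.startsWith(type.slice(0, -1))));
    if (match) return match;
  }
  return null;
}

// Vulnerable pattern: every distinct Accept value becomes a key, forever.
class UnboundedCache {
  constructor() { this.map = new Map(); }
  get size() { return this.map.size; }
  lookup(accept) {
    if (!this.map.has(accept)) this.map.set(accept, selectSerializer(accept));
    return this.map.get(accept);
  }
}

// Hardened: LRU bounded by entry count (Map preserves insertion order, so
// the first key is the least recently used) plus a key-length cap so one
// oversized header cannot pin a large string in memory.
class BoundedCache {
  constructor(maxEntries = 256, maxKeyLength = 1024) {
    this.map = new Map();
    this.maxEntries = maxEntries;
    this.maxKeyLength = maxKeyLength;
  }
  get size() { return this.map.size; }
  lookup(accept) {
    if (accept.length > this.maxKeyLength) return selectSerializer(accept); // compute, don't cache
    if (this.map.has(accept)) {
      const v = this.map.get(accept);
      this.map.delete(accept);
      this.map.set(accept, v);                      // refresh recency
      return v;
    }
    const v = selectSerializer(accept);
    if (this.map.size >= this.maxEntries) {
      this.map.delete(this.map.keys().next().value); // evict least recent
    }
    this.map.set(accept, v);
    return v;
  }
}

// Attacker simulation: n requests, each with a never-seen-before Accept value.
function simulateFlood(cache, n) {
  for (let i = 0; i < n; i++) cache.lookup(`application/x-junk-${i}, */*;q=0.1`);
  return cache.size;
}

console.log('unbounded entries:', simulateFlood(new UnboundedCache(), 10000));
console.log('bounded entries:', simulateFlood(new BoundedCache(256), 10000));
```

A bounded cache is the fix for the growth, but note that the flood still costs one negotiation per request; if that parse is expensive, rate limiting at the edge is the complementary control.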
An issue was discovered in Nix before 2
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization
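Both fast-uri entries above (decoding percent-encoded path separators and dot segments before dot-segment removal, and decoding authority delimiters inside the host and re-emitting them raw) are the same class of bug: the normalized form denotes a different resource than the raw form. The JavaScript below is an added example written for this page, not fast-uri's code; it reimplements a minimal RFC 3986 normalizer two ways, a flawed variant that percent-decodes everything first and a correct one that decodes only unreserved characters, so the divergence on a path and on an authority can be observed. Function names and the sample URIs are constructed for illustration.

```javascript
// Added example (not fast-uri code): why a URI normalizer must not decode
// reserved delimiters ("%2F", "%40") before removing dot segments or
// splitting the authority. Sample inputs are constructed.

// RFC 3986 unreserved characters: decoding these never changes meaning.
const UNRESERVED = /^[A-Za-z0-9\-._~]$/;

// RFC 3986 6.2.2: upper-case %XX and decode only unreserved octets.
function decodeUnreserved(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_m, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return UNRESERVED.test(ch) ? ch : '%' + hex.toUpperCase();
  });
}

// RFC 3986 5.2.4 remove_dot_segments on the still-encoded path.
// An encoded "%2F" is ordinary segment data here, never a separator.
function removeDotSegments(path) {
  const rooted = path.startsWith('/');
  const input = path.split('/');
  const output = [];
  input.forEach((seg, i) => {
    const last = i === input.length - 1;
    if (seg === '.') {
      if (last) output.push('');                          // "/a/."   -> "/a/"
    } else if (seg === '..') {
      if (output.length > (rooted ? 1 : 0)) output.pop(); // never pop the root
      if (last) output.push('');                          // "/a/b/.." -> "/a/"
    } else {
      output.push(seg);
    }
  });
  return output.join('/');
}

// Correct order: decode unreserved only, then remove dot segments.
function normalizePath(path) {
  return removeDotSegments(decodeUnreserved(path));
}

// Flawed order: decode everything first, so "%2F" becomes a separator and
// "..%2F" turns into a real ".." segment that climbs out of the directory.
function flawedNormalizePath(path) {
  return removeDotSegments(decodeURIComponent(path));
}

// Authority: correct keeps "%40" encoded; flawed re-emits it as a raw "@".
function normalizeAuthority(authority) { return decodeUnreserved(authority); }
function flawedNormalizeAuthority(authority) { return decodeURIComponent(authority); }

// Host as a downstream consumer parses it from the re-serialized authority.
function hostOf(authority) {
  const at = authority.lastIndexOf('@');
  return at === -1 ? authority : authority.slice(at + 1);
}

// Path comparison the way an allow-list check would use equal().
function samePath(a, b) {
  return normalizePath(a) === normalizePath(b);
}

function demo() {
  const p = '/static/..%2F..%2Fetc/passwd';
  const auth = 'good.example%40evil.example';
  return {
    correctPath: normalizePath(p),                       // stays inside /static
    flawedPath: flawedNormalizePath(p),                  // "/etc/passwd"
    correctHost: hostOf(normalizeAuthority(auth)),       // unchanged reg-name
    flawedHost: hostOf(flawedNormalizeAuthority(auth)),  // "evil.example"
    adminAliasEqual: samePath('/admin', '/%61dmin'),     // true: %61 is unreserved
    encodedSlashEqual: samePath('/admin/x', '/admin%2Fx'), // false: %2F is data
  };
}
console.log(demo());
```

The practical consequence is visible in `demo()`: a proxy that allow-lists on the flawed normalized path would accept `/static/..%2F..%2Fetc/passwd` as a `/static` request while the backend may resolve it elsewhere, and a consumer of the flawed authority would connect to `evil.example` with `good.example` as the user-info.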
OpenEMR 7
OpenClaw versions 2026
In Eclipse Open9J versions 0
In IMS, there is a possible system crash due to improper input validation
In Modem IMS, there is a possible improper input validation
In Modem IMS, there is a possible improper input validation
In Modem IMS, there is a possible improper input validation
In Modem IMS, there is a possible improper input validation
In nr modem, there is a possible improper input validation
A vulnerability has been found in RTGS2017 NagaAgent up to 5
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8
OpenClaw before 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection
A weakness has been identified in EFM ipTIME C200 up to 1
Detect-It-Easy prior to 3
A security flaw has been discovered in IObit Advanced SystemCare 19