|
151
|
- |
|
-
|
-
|
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)…
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-15633
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of th…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-8209
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PH…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-8208
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.5 |
HIGH
Local
|
-
|
-
|
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44028
|
2026-05-9 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
- |
|
-
|
-
|
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42461
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
7.8 |
HIGH
Local
|
-
|
-
|
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without …
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-42301
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provid…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42297
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
8.1 |
HIGH
Network
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42296
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact re…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42295
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42294
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
