|
521
|
- |
|
-
|
-
|
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without…
|
CWE-862
Missing Authorization
|
CVE-2026-42461
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
522
|
7.8 |
HIGH
Local
|
-
|
-
|
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without …
|
CWE-20 CWE-94
Improper Input Validation Code Injection
|
CVE-2026-42301
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
523
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provid…
|
CWE-862
Missing Authorization
|
CVE-2026-42297
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
524
|
8.1 |
HIGH
Network
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass …
|
CWE-863
Incorrect Authorization
|
CVE-2026-42296
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
525
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42183
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
526
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patc…
|
CWE-862
Missing Authorization
|
CVE-2026-42174
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
527
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T…
|
CWE-862 CWE-863
Missing Authorization Incorrect Authorization
|
CVE-2026-42137
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
528
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…
|
CWE-862
Missing Authorization
|
CVE-2026-42069
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
529
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patc…
|
CWE-862
Missing Authorization
|
CVE-2026-42051
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|
|
530
|
- |
|
-
|
-
|
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap an…
|
CWE-269
Improper Privilege Management
|
CVE-2026-41163
|
2026-05-9 13:16 |
2026-05-9 |
|
|
|