|
1471
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PH…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-8208
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1472
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of th…
|
CWE-23
Relative Path Traversal
|
CVE-2026-8209
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1473
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patc…
|
CWE-862
Missing Authorization
|
CVE-2026-42051
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1474
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…
|
CWE-862
Missing Authorization
|
CVE-2026-42069
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1475
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-42137
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1476
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patc…
|
CWE-862
Missing Authorization
|
CVE-2026-42174
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1477
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact re…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42295
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1478
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provid…
|
CWE-862
Missing Authorization
|
CVE-2026-42297
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1479
|
8.1 |
HIGH
Network
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass …
|
CWE-863
Incorrect Authorization
|
CVE-2026-42296
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1480
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42176
|
2026-05-13 00:33 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
