|
31
|
- |
|
-
|
-
|
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42461
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
7.8 |
HIGH
Local
|
-
|
-
|
pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without …
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-42301
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provid…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42297
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
8.1 |
HIGH
Network
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42296
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact re…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42295
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42294
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/g…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42183
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patc…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42174
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T…
New
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-42137
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42069
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
