|
451
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42069
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
452
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T…
Update
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-42137
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
453
|
- |
|
-
|
-
|
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patc…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42174
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
454
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/g…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42183
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
455
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42294
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
456
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact re…
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42295
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
457
|
- |
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provid…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42297
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
458
|
8.1 |
HIGH
Network
|
-
|
-
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-42296
|
2026-05-13 00:37 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
459
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42176
|
2026-05-13 00:33 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
460
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is cre…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42180
|
2026-05-13 00:31 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
