|
471
|
9.1 |
CRITICAL
Network
|
adenhq
|
hive
|
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Perfor…
Update
|
CWE-22
Path Traversal
|
CVE-2026-8757
|
2026-05-20 06:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
6.5 |
MEDIUM
Network
|
kilo
|
kilo_code
|
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi…
New
|
CWE-22
Path Traversal
|
CVE-2026-8765
|
2026-05-20 06:21 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
5.3 |
MEDIUM
Network
|
-
|
-
|
In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42526
|
2026-05-20 06:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
8.7 |
HIGH
Local
|
-
|
-
|
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actio…
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-27173
|
2026-05-20 06:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
- |
|
-
|
-
|
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain a…
New
|
CWE-862
Missing Authorization
|
CVE-2026-34154
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
5.9 |
MEDIUM
Network
|
-
|
-
|
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41470
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
0.0 |
NONE
Network
|
-
|
-
|
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request tar…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33637
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned …
New
|
CWE-125
CWE-190
CWE-787
Out-of-bounds Read
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-33642
|
2026-05-20 06:08 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
- |
|
-
|
-
|
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 …
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-8370
|
2026-05-20 06:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
8.8 |
HIGH
Network
|
getgrav
|
grav
|
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/acco…
Update
|
CWE-269
CWE-434
Improper Privilege Management
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42844
|
2026-05-20 06:00 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
