| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42295 | Argo Workflows: Exposure of artifact repository credentials | argoproj | argo-workflows | - | - | 2026-05-09 03:48:03 | Deep Dive |
| CVE-2026-42294 | Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor | argoproj | argo-workflows | - | - | 2026-05-09 03:45:48 | Deep Dive |
| CVE-2026-42183 | Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) | argoproj | argo-workflows | - | - | 2026-05-09 03:44:11 | Deep Dive |
| CVE-2026-42297 | Argo Workflows Is Missing Authorization in Sync ConfigMap Provider | argoproj | argo-workflows | - | - | 2026-05-09 03:42:43 | Deep Dive |
| CVE-2026-42174 | Kirby: User avatar creation, replacement and deletion are not gated by user update permissions | getkirby | kirby | - | - | 2026-05-09 03:39:06 | Deep Dive |
| CVE-2026-42137 | Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog | getkirby | kirby | - | - | 2026-05-09 03:38:35 | Deep Dive |
| CVE-2026-42051 | Kirby: System API endpoint leaks license data and installed version to authenticated users | getkirby | kirby | - | - | 2026-05-09 03:37:43 | Deep Dive |
| CVE-2026-42069 | Kirby: Read access to site, user and role information is not gated by permissions | getkirby | kirby | - | - | 2026-05-09 03:35:02 | Deep Dive |
| CVE-2026-42461 | Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) | getarcaneapp | arcane | - | - | 2026-05-09 03:30:13 | Deep Dive |
| CVE-2026-8209 | Gibbon<30.0.01路径遍历漏洞导致拒绝服务 | gibbonedu | gibbon | - | - | 2026-05-09 03:19:28 | Deep Dive |
| CVE-2026-8208 | Gibbon<30.0.01本地文件包含致RCE | gibbonedu | gibbon | - | - | 2026-05-09 02:58:44 | Deep Dive |
| CVE-2026-8207 | Gibbon <v30.0.01 认证SQL注入漏洞 | gibbonedu | gibbon | - | - | 2026-05-09 02:41:47 | Deep Dive |
| CVE-2026-7652 | LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-05-09 02:25:39 | Deep Dive |
| CVE-2026-6667 | PgBouncer missing authorization check in KILL_CLIENT admin command | - | PgBouncer | Medium | 4.3 | 2026-05-09 00:43:53 | Deep Dive |
| CVE-2026-6666 | PgBouncer crash in kill_pool_logins_server_error | - | PgBouncer | Medium | 5.9 | 2026-05-09 00:43:50 | Deep Dive |
| CVE-2026-6665 | PgBouncer buffer overflow in SCRAM | - | PgBouncer | High | 8.1 | 2026-05-09 00:43:47 | Deep Dive |
| CVE-2026-6664 | PgBouncer integer overflow in PgBouncer network packet parsing | - | PgBouncer | High | 7.5 | 2026-05-09 00:43:43 | Deep Dive |
| CVE-2026-41705 | Spring AI MilvusVectorStore 注入漏洞影响 1.0.x-1.1.x | Spring | Spring AI | High | 8.6 | 2026-05-09 00:34:18 | Deep Dive |
| CVE-2026-42455 | LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin) | linkwarden | linkwarden | - | - | 2026-05-08 23:10:11 | Deep Dive |
| CVE-2026-44313 | LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function | linkwarden | linkwarden | Critical | 9.1 | 2026-05-08 23:08:42 | Deep Dive |