Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.5 HIGH
CVE-2026-48547 — KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes …

Remote | Injection
Published: Jun 11, 2026
0.0 NA
CVE-2026-52859 — Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snaps…

Memory Corruption
Published: Jun 11, 2026
0.0 NA
CVE-2026-52858 — Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pyth…

Supply Chain
Published: Jun 11, 2026
0.0 NA
CVE-2026-47162 — Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/a…

Injection
Published: Jun 11, 2026
0.0 NA
CVE-2026-47167 — Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition reg…

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on V…

Injection
Published: Jun 11, 2026
0.0 NA
CVE-2026-47189 — Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver…

Authorization
Published: Jun 11, 2026
0.0 NA
CVE-2026-47188 — Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban an…

Denial of Service
Published: Jun 11, 2026
0.0 NA
CVE-2026-47177 — Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility …

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a cha…

Information Disclosure
Published: Jun 11, 2026
0.0 NA
CVE-2026-47176 — Quest Bot: Logging module can disclose private-channel message contents to a lower-visibi…

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channe…

Information Disclosure
Published: Jun 11, 2026
0.0 NA
CVE-2026-47175 — Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies w…

Misconfiguration
Published: Jun 11, 2026
0.0 NA
CVE-2026-47173 — Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user me…

Misconfiguration
Published: Jun 11, 2026
0.0 NA
CVE-2026-47172 — Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_…

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui…

Misconfiguration
Published: Jun 11, 2026
0.0 NA
CVE-2026-47171 — Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When …

Misconfiguration
Published: Jun 11, 2026
0.0 NA
CVE-2026-47163 — Quest Bot: Unprivileged users can create and remove AutoMod rules.

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove…

Authorization
Published: Jun 11, 2026
0.0 NA
CVE-2026-47169 — Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlle…

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, …

Authorization
Published: Jun 11, 2026
8.4 HIGH
CVE-2026-45178 — Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credenti…

Remote | Authorization
Published: Jun 11, 2026
10.0 CRITICAL
CVE-2026-49261 — MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_…

Remote | Injection
Published: Jun 11, 2026
8.5 HIGH
CVE-2026-48546 — KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.ru…

Remote | Injection
Published: Jun 11, 2026
6.5 MEDIUM
CVE-2026-47157 — aiograpi: Unsafe signup challenge path handling

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the pa…

Server-Side Request Forgery
Published: Jun 11, 2026
5.3 MEDIUM
CVE-2026-46698 — Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.ph…

Remote | Server-Side Request Forgery
Published: Jun 11, 2026
Showing 20 of 7149 Results