Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.0 MEDIUM
CVE-2026-45802 — FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PD…

Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.5 HIGH
CVE-2026-45175 — Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Byp…

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security c…

| Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.5 MEDIUM
CVE-2026-53702 — Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period s…

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from…

enterprise_linux enterprise_linux | Remote | Memory Corruption
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.5 MEDIUM
CVE-2026-53701 — Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture part…

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partiti…

enterprise_linux enterprise_linux | Remote | Memory Corruption
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-52860 — Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as p…

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.9 MEDIUM
CVE-2026-52859 — Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snaps…

Remote | Memory Corruption
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.3 HIGH
CVE-2026-52858 — Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pyth…

Remote | Supply Chain
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.5 HIGH
CVE-2026-48547 — KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes …

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.1 MEDIUM
CVE-2026-47250 — mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exf…

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags direct…

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.3 HIGH
CVE-2026-47189 — Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
2.3 LOW
CVE-2026-47188 — Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban an…

Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.7 HIGH
CVE-2026-47181 — PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of…

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47177 — Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility …

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a cha…

Remote | Information Disclosure
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47176 — Quest Bot: Logging module can disclose private-channel message contents to a lower-visibi…

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channe…

Remote | Information Disclosure
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
2.3 LOW
CVE-2026-47175 — Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies w…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
9.5 CRITICAL
CVE-2026-47174 — Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with pac…

Remote | Supply Chain
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.3 MEDIUM
CVE-2026-47173 — Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user me…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
9.5 CRITICAL
CVE-2026-47172 — Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_…

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-47171 — Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When …

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.7 HIGH
CVE-2026-47170 — Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary H…

Remote | Server-Side Request Forgery
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
Showing 20 of 7106 Results