Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.3 HIGH
CVE-2026-52858 — Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pyth…

vim | Remote | Supply Chain
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.5 HIGH
CVE-2026-48547 — KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes …

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.1 MEDIUM
CVE-2026-47250 — mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exf…

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags direct…

mcp-server-kubernetes | Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.3 HIGH
CVE-2026-47189 — Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
2.3 LOW
CVE-2026-47188 — Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban an…

Remote | Denial of Service
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.7 HIGH
CVE-2026-47181 — PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of…

Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47177 — Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility …

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a cha…

Remote | Information Disclosure
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47176 — Quest Bot: Logging module can disclose private-channel message contents to a lower-visibi…

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channe…

Remote | Information Disclosure
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
2.3 LOW
CVE-2026-47175 — Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies w…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
9.5 CRITICAL
CVE-2026-47174 — Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with pac…

Remote | Supply Chain
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
6.3 MEDIUM
CVE-2026-47173 — Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user me…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
9.5 CRITICAL
CVE-2026-47172 — Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_…

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui…

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-47171 — Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When …

Remote | Misconfiguration
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.7 HIGH
CVE-2026-47170 — Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary H…

Remote | Server-Side Request Forgery
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-47169 — Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlle…

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, …

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
5.1 MEDIUM
CVE-2026-47167 — Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition reg…

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on V…

vim | Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.2 HIGH
CVE-2026-47163 — Quest Bot: Unprivileged users can create and remove AutoMod rules.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove…

Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
7.3 HIGH
CVE-2026-47162 — Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/a…

vim | Remote | Injection
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-46519 — mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filterin…

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOL…

mcp-server-kubernetes | Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
8.4 HIGH
CVE-2026-45178 — Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credenti…

conjur_enterprise | Remote | Authorization
Jun 11, 2026 Jun 11, 2026
Jun 11, 2026
Jun 11, 2026
Showing 20 of 7067 Results