Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2026-52858

Vim: Arbitrary Code Execution via Python Omni-Completion_CVE-2026-52858

Vim is an open source, command-line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with t...

vim vim < 9.2.0561 CVE
HIGH 8.5 CVE-2026-48547

KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml_CVE-2026-48547

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserti...

lingdojo kana-dojo CVE
HIGH 8.3 CVE-2026-47189

Quest Bot: AutoMod removal can delete rules from another guild by global rule ID_CVE-2026-47189

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up...

duck-organization quest-bot < 1.0.5 CVE
HIGH 8.7 CVE-2026-47181

PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover_CVE-2026-47181

PenguinMod-BackendApi is the backend API for PenguinMod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint all...

PenguinMod PenguinMod-BackendApi < 1.0.0 CVE
HIGH 8.8 CVE-2026-47171

Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`_CVE-2026-47171

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a remin...

duck-organization quest-bot < 1.0.3 CVE
HIGH 7.7 CVE-2026-47170

Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint_CVE-2026-47170

Garlic-Hub manages a digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authentic...

garlic-signage garlic-hub < 1.1 CVE
HIGH 7.5 CVE-2026-47169

Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts_CVE-2026-47169

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / Mana...

duck-organization quest-bot < 1.0.3 CVE
HIGH 7.2 CVE-2026-47163

Quest Bot: Unprivileged users can create and remove AutoMod rules._CVE-2026-47163

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke ...

duck-organization quest-bot < 1.0.1 CVE
HIGH 7.3 CVE-2026-47162

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name_CVE-2026-47162

Vim is an open source, command-line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave(...

vim vim < 9.2.0495 CVE
HIGH 8.8 CVE-2026-46519

mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement_CVE-2026-46519

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes t...

Flux159 mcp-server-kubernetes < 3.6.0 CVE