CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-53702	Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser_CVE-2026-53702 A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, ...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-53701	Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser_CVE-2026-53701 An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE
HIGH 7.5	CVE-2026-52860	Vim: Arbitrary Code Execution via Python Omni-Completion_CVE-2026-52860 Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class ...	vim	vim < 9.2.0597	Jun 11, 2026	CVE
MEDIUM 6.9	CVE-2026-52859	Vim: Out-of-bounds Read in Terminal Screen Snapshot_CVE-2026-52859 Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible ter...	vim	vim < 9.2.0565	Jun 11, 2026	CVE
HIGH 7.3	CVE-2026-52858	Vim: Arbitrary Code Execution via Python Omni-Completion_CVE-2026-52858 Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with t...	vim	vim < 9.2.0561	Jun 11, 2026	CVE
HIGH 8.5	CVE-2026-48547	KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml_CVE-2026-48547 KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserti...	lingdojo	kana-dojo	Jun 11, 2026	CVE
MEDIUM 6.1	CVE-2026-47250	mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration_CVE-2026-47250 mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp...	Flux159	mcp-server-kubernetes < 3.7.0	Jun 11, 2026	CVE
HIGH 8.3	CVE-2026-47189	Quest Bot: AutoMod removal can delete rules from another guild by global rule ID_CVE-2026-47189 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up...	duck-organization	quest-bot < 1.0.5	Jun 11, 2026	CVE
LOW 2.3	CVE-2026-47188	Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions._CVE-2026-47188 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses me...	duck-organization	quest-bot < 1.0.5	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-47181	PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover_CVE-2026-47181 PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint all...	PenguinMod	PenguinMod-BackendApi < 1.0.0	Jun 11, 2026	CVE