Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.5 CVE-2026-47174

Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pu...

duck-organization duck-site < 1.0.1 CVE
MEDIUM 6.3 CVE-2026-47173

Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticke...

duck-organization quest-bot < 1.0.3 CVE
CRITICAL 9.5 CVE-2026-47172

Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged ...

duck-organization quest-bot < 1.0.3 CVE
HIGH 8.8 CVE-2026-47171

Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a remin...

duck-organization quest-bot < 1.0.3 CVE
HIGH 7.7 CVE-2026-47170

Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authentic...

garlic-signage garlic-hub < 1.1 CVE
HIGH 7.5 CVE-2026-47169

Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts

Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / Mana...

duck-organization quest-bot < 1.0.3 CVE
MEDIUM 5.1 CVE-2026-47167

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber ...

vim vim < 9.2.0496 CVE
HIGH 7.2 CVE-2026-47163

Quest Bot: Unprivileged users can create and remove AutoMod rules.

Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke ...

duck-organization quest-bot < 1.0.1 CVE
HIGH 7.3 CVE-2026-47162

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave(...

vim vim < 9.2.0495 CVE
HIGH 8.8 CVE-2026-46519

mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes t...

Flux159 mcp-server-kubernetes < 3.6.0 CVE