Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2026-52858

Vim: Arbitrary Code Execution via Python Omni-Completion_CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with t...

vim vim < 9.2.0561 CVE
HIGH 8.5 CVE-2026-48547

KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml_CVE-2026-48547

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserti...

lingdojo kana-dojo CVE
MEDIUM 6.1 CVE-2026-47250

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration_CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp...

Flux159 mcp-server-kubernetes < 3.7.0 CVE
HIGH 8.3 CVE-2026-47189

Quest Bot: AutoMod removal can delete rules from another guild by global rule ID_CVE-2026-47189

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up...

duck-organization quest-bot < 1.0.5 CVE
LOW 2.3 CVE-2026-47188

Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions._CVE-2026-47188

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses me...

duck-organization quest-bot < 1.0.5 CVE
HIGH 8.7 CVE-2026-47181

PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover_CVE-2026-47181

PenguinMod-BackendApi is the backend API for PenguinMod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint all...

PenguinMod PenguinMod-BackendApi < 1.0.0 CVE
MEDIUM 5.7 CVE-2026-47177

Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel_CVE-2026-47177

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
MEDIUM 5.7 CVE-2026-47176

Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel_CVE-2026-47176

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
LOW 2.3 CVE-2026-47175

Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings_CVE-2026-47175

Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo...

duck-organization quest-bot < 1.0.4 CVE
CRITICAL 9.5 CVE-2026-47174

Duck Site: Untrusted pull request code can trigger privileged production deployment_CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pu...

duck-organization duck-site < 1.0.1 CVE