|
561
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-47172
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
- |
|
-
|
-
|
PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of…
|
CWE-20
CWE-943
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-47181
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47189
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
7.3 |
HIGH
Network
|
-
|
-
|
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes …
|
CWE-78
OS Command
|
CVE-2026-48547
|
2026-06-12 05:57 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulat…
|
CWE-269
Improper Privilege Management
|
CVE-2026-45176
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
- |
|
-
|
-
|
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submittin…
|
CWE-284
Improper Access Control
|
CVE-2026-45177
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
- |
|
-
|
-
|
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credenti…
|
CWE-284
Improper Access Control
|
CVE-2026-45178
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
7.6 |
HIGH
Network
|
-
|
-
|
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-11774
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
- |
|
-
|
-
|
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on V…
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-47167
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
- |
|
-
|
-
|
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pyth…
|
CWE-94
CWE-95
CWE-829
Code Injection
Eval Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-52858
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
