| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-47250 | mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration | Flux159 | mcp-server-kubernetes | Medium | 6.1 | 2026-06-11 18:35:51 | Deep Dive |
| CVE-2026-46519🧪 | mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement | Flux159 | mcp-server-kubernetes | High | 8.8 | 2026-06-11 18:34:15 | Deep Dive |
| CVE-2026-52860 | Vim: Arbitrary Code Execution via Python Omni-Completion | vim | vim | - | - | 2026-06-11 18:33:46 | Deep Dive |
| CVE-2026-48547🧪 | KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml | lingdojo | kana-dojo | High | 7.3 | 2026-06-11 18:33:15 | Deep Dive |
| CVE-2026-52859 | Vim: Out-of-bounds Read in Terminal Screen Snapshot | vim | vim | - | - | 2026-06-11 18:33:10 | Deep Dive |
| CVE-2026-52858 | Vim: Arbitrary Code Execution via Python Omni-Completion | vim | vim | - | - | 2026-06-11 18:32:33 | Deep Dive |
| CVE-2026-47162 | Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name | vim | vim | - | - | 2026-06-11 18:32:14 | Deep Dive |
| CVE-2026-47167 | Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex | vim | vim | - | - | 2026-06-11 18:31:44 | Deep Dive |
| CVE-2026-47189 | Quest Bot: AutoMod removal can delete rules from another guild by global rule ID | duck-organization | quest-bot | - | - | 2026-06-11 18:31:25 | Deep Dive |
| CVE-2026-47188 | Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions. | duck-organization | quest-bot | - | - | 2026-06-11 18:30:49 | Deep Dive |
| CVE-2026-47177 | Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel | duck-organization | quest-bot | - | - | 2026-06-11 18:30:25 | Deep Dive |
| CVE-2026-47176 | Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel | duck-organization | quest-bot | - | - | 2026-06-11 18:29:56 | Deep Dive |
| CVE-2026-47175 | Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings | duck-organization | quest-bot | - | - | 2026-06-11 18:29:43 | Deep Dive |
| CVE-2026-47173 | Quest Bot: Ticket reason allows mass-mention injection | duck-organization | quest-bot | - | - | 2026-06-11 18:29:32 | Deep Dive |
| CVE-2026-47172 | Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment. | duck-organization | quest-bot | - | - | 2026-06-11 18:28:53 | Deep Dive |
| CVE-2026-47171 | Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here` | duck-organization | quest-bot | - | - | 2026-06-11 18:28:08 | Deep Dive |
| CVE-2026-47163 | Quest Bot: Unprivileged users can create and remove AutoMod rules. | duck-organization | quest-bot | - | - | 2026-06-11 18:27:41 | Deep Dive |
| CVE-2026-47169 | Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts | duck-organization | quest-bot | - | - | 2026-06-11 18:25:33 | Deep Dive |
| CVE-2026-45178 | Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints | CyberArk Software, a Palo Alto Networks Company | Conjur Enterprise | - | - | 2026-06-11 18:19:08 | Deep Dive |
| CVE-2026-53702 | Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.5 | 2026-06-11 18:15:39 | Deep Dive |