|
741
|
- |
|
-
|
-
|
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with pac…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-47174
|
2026-06-12 06:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
8.8 |
HIGH
Network
|
-
|
-
|
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOL…
|
CWE-863
Incorrect Authorization
|
CVE-2026-46519
|
2026-06-12 06:01 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
6.1 |
MEDIUM
Network
|
-
|
-
|
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags direct…
|
CWE-88
Argument Injection
|
CVE-2026-47250
|
2026-06-12 06:01 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove…
|
CWE-862
Missing Authorization
|
CVE-2026-47163
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, …
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-47169
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
7.7 |
HIGH
Network
|
-
|
-
|
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary H…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47170
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When …
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47171
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-47172
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channe…
|
CWE-200
Information Exposure
|
CVE-2026-47176
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a cha…
|
CWE-200
Information Exposure
|
CVE-2026-47177
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
