Hacker News

unnouinceput yesterday at 5:03 PM

all vulnerabilities are just bugs.


Replies

GTP yesterday at 5:11 PM

Vulns are a subset of bugs. What the above commenter is saying is that some bugs don't belong to this category.

wavemode today at 2:46 PM

No, not all vulnerabilities are bugs. "Bug" implies a system working in a way its creators did not intend, but a system can be working exactly as intended yet have a vulnerability.

For example, if you allow weak passwords, then you have a trivial vulnerability to people guessing other people's passwords. But nothing about the login system is working differently from how anyone intended. It's just that the intentions themselves were naïve.

stonogo yesterday at 5:10 PM

But not the other way around, which makes them different.
