72 matches found

NVD
added 2026/06/12 1:16 p.m., 11 views

CVE-2026-49347

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 | EPSS 0.00235
Exploits 0 | References 2

NVD
added 2026/06/12 1:16 p.m., 13 views

CVE-2026-48485

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

CVSS 2.1 | EPSS 0.00251
Exploits 0 | References 2

NVD
added 2026/06/12 1:16 p.m., 13 views

CVE-2026-47196

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot ...

CVSS 8.4 | EPSS 0.00235
Exploits 0 | References 2

NVD
added 2026/06/12 1:16 p.m., 13 views

CVE-2026-47197

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | EPSS 0.00228
Exploits 0 | References 2

Vulnrichment
added 2026/06/12 11:54 a.m., 8 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 | AI score 5.2 | EPSS 0.00235
Exploits 0 | References 2

Cvelist
added 2026/06/12 11:54 a.m., 29 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 | EPSS 0.00235
Exploits 0 | References 2

CVE
added 2026/06/12 11:54 a.m., 15 views

CVE-2026-49347

CVE-2026-49347 affects Quest Bot (Discord bot). Before v1.1.8, any user who can access the ticket panel could repeatedly create new ticket channels; the system did not enforce a per-user open-ticket limit or cooldown. The issue persists in that the latest release still creates a new database tick...

CVSS 5.3 | AI score 5.2 | EPSS 0.00235
Exploits 0 | References 2

CVE
added 2026/06/12 11:53 a.m., 14 views

CVE-2026-48485

CVE-2026-48485 affects Quest Bot (Discord bot). Before version 1.1.6, the bot suppressed mentions when actions like creating a warning occurred, but stored warning reasons can still be printed by /warns, potentially triggering a mass ping if the bot has permission. The root cause is that stor...

CVSS 2.1 | AI score 5.3 | EPSS 0.00251
Exploits 0 | References 2

Cvelist
added 2026/06/12 11:53 a.m., 26 views

CVE-2026-48485 Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

CVSS 2.1 | EPSS 0.00251
Exploits 0 | References 2

Vulnrichment
added 2026/06/12 11:53 a.m., 8 views

CVE-2026-48485 Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

CVSS 2.1 | AI score 5.2 | EPSS 0.00251
Exploits 0 | References 2

Cvelist
added 2026/06/12 11:52 a.m., 29 views

CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | EPSS 0.00228
Exploits 0 | References 2

CVE
added 2026/06/12 11:52 a.m., 32 views

CVE-2026-47197

CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...

CVSS 7.2 | AI score 5.3 | EPSS 0.00228
Exploits 0 | References 2

CVE
added 2026/06/12 11:52 a.m., 15 views

CVE-2026-47195

CVE-2026-47195 affects the Quest Bot (Discord bot). Prior to version 1.1.6, purge and slowmode commands check only guild-level permissions, not the invoking member’s channel-level permissions. A user without channel moderation rights could still delete messages or modify slowmode via the bot. The...

CVSS 7.1 | AI score 5.3 | EPSS 0.00215
Exploits 0 | References 2

Vulnrichment
added 2026/06/12 11:52 a.m., 6 views

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

CVSS 7.1 | AI score 5.3 | EPSS 0.00215
Exploits 0 | References 2

Cvelist
added 2026/06/12 11:52 a.m., 27 views

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

CVSS 7.1 | EPSS 0.00215
Exploits 0 | References 2

Vulnrichment
added 2026/06/12 11:51 a.m., 8 views

CVE-2026-47196 Quest Bot: Empty automod rule causes every guild message to be deleted

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot ...

CVSS 8.4 | AI score 5.2 | EPSS 0.00235
Exploits 0 | References 2

CVE
added 2026/06/12 11:51 a.m., 14 views

CVE-2026-47196

CVE-2026-47196 affects Quest Bot (open-source Discord bot). Before v1.1.6, the automod add command could create an empty rule when input is whitespace because it trims but does not reject an empty result; the message listener then checks content.includes("") which is always true, causing deletion...

CVSS 8.4 | AI score 5.3 | EPSS 0.00235
Exploits 0 | References 2

Cvelist
added 2026/06/12 11:51 a.m., 28 views

CVE-2026-47196 Quest Bot: Empty automod rule causes every guild message to be deleted

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot ...

CVSS 8.4 | EPSS 0.00235
Exploits 0 | References 2

Positive Technologies
added 2026/06/12 12:0 a.m., 15 views

PT-2026-48858

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

CVSS 7.1 | AI score 5.3 | EPSS 0.00215
Exploits 0 | References 3

Positive Technologies
added 2026/06/12 12:0 a.m., 11 views

PT-2026-48862

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 | AI score 5.2 | EPSS 0.00235
Exploits 0 | References 3