Lucene search
K

18 matches found

NVD
NVD
added 2026/06/12 1:16 p.m.14 views

CVE-2026-47195

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 11:52 a.m.7 views

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 11:52 a.m.11 views

EUVD-2026-36413

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 11:52 a.m.23 views

CVE-2026-47195

CVE-2026-47195 affects the Quest Bot (Discord bot). Prior to version 1.1.6, purge and slowmode commands check only guild-level permissions, not the invoking member’s channel-level permissions. A user without channel moderation rights could still delete messages or modify slowmode via the bot. The...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 11:52 a.m.33 views

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48858

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.19 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues during message reading operations, resulting in bypassing channel permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14838)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

8.1CVSS5.9AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/13 10:29 a.m.4 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-40463

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00244EPSS
Exploits0References1
Snyk
Snyk
added 2025/06/30 6:31 p.m.3 views

Exposure of Sensitive Information Through Metadata

Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata through improper...

5.4CVSS6.5AI score0.00169EPSS
Exploits0References3
NVD
NVD
added 2025/06/30 5:15 p.m.6 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS0.00177EPSS
Exploits0References1
CVE
CVE
added 2025/06/30 4:51 p.m.23 views

CVE-2025-46702

CVE-2025-46702 affects Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x

5.4CVSS6.5AI score0.00177EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/06/25 5:55 a.m.5 views

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of channel member management permissions due to a flaw in how playbook run participants are handled when linked to channels, allowing unauthorized user modifications...

4.3CVSS6.9AI score0.0021EPSS
Exploits0References3Affected Software2
Snyk
Snyk
added 2025/06/20 3:30 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through improper enforcement of channel member permissions for playbook run participants. An attacker without the 'Manage Channel Members' permission can add or remove users from public and private channels by...

5.4CVSS6.8AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.9 views

CVE-2021-32646

Roomer is a discord bot cog extension which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the manage channel permissions in a private VC they have joined. This allowed them to make changes ...

7.5CVSS6.8AI score0.007EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-30651 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.9.x through 9.9.1 Mattermost version 9.10.0 Description: The issue is related to a failure in enforcing permissions, which allows a guest us...

5.3CVSS6.9AI score0.00278EPSS
Exploits0References12
Rows per page
Query Builder