178 matches found
CVE-2026-12602
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...
EUVD-2026-38230
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...
CVE-2026-47175
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47173
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
EUVD-2026-36275
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47175
Quest Bot (open-source Discord bot) prior to v1.0.4 allowed moderation commands to echo user-supplied reason text in public replies without disabling mention parsing, enabling a user with bot permissions to trigger @everyone/@here pings even when they lack mention permissions. The issue is fixed ...
CVE-2026-47173
Quest Bot (Discord bot) prior to v1.0.3 is vulnerable: a normal user can create a ticket with a reason containing @everyone/@here, user or role mentions, causing the attacker-controlled reason to be posted in the new ticket channel if mentions are not suppressed. If the bot has permission to use ...
CVE-2026-47171
CVE-2026-47171 affects Quest Bot (Discord bot). The issue: before v1.0.3, a normal user can create a reminder whose message includes @everyone or @here; when triggered, the bot re-sends the message without suppressing mass mentions, enabling mass pinging if the bot has permission. Root cause: rem...
EUVD-2026-36299
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...
CVE-2026-47171 Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact that audit commands did not disable mention resolution, allowing administrators...
CVE-2025-8325
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
CVE-2025-8325
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
CVE-2025-8325
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
CVE-2025-8325
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-8325; current sources describe an RBAC bypass affecting Gateway and Internal Service APIs in WSO2 products, but no concrete technical specifics are provided here.
PT-2026-39584
Name of the Vulnerable Software and Affected Versions WSO2 APIM versions 3.x Description The software fails to enforce role-based access controls for certain Gateway API and Internal Service API invocations. Users assigned the 'Internal/Everyone' role can invoke these APIs, bypassing intended...