CVE-2026-47173

Quest Bot (Discord bot) prior to v1.0.3 is vulnerable: a normal user can create a ticket with a reason containing @everyone/@here, user or role mentions, causing the attacker-controlled reason to be posted in the new ticket channel if mentions are not suppressed. If the bot has permission to use ...

Dust: BAC – Bypass chatbot restrictions via unauthorized mention injection

The Gemini chatbot was found to have a vulnerability that allowed unauthorized users to bypass permission restrictions and interact with the chatbot. The vulnerability was discovered when a user manually edited the request by changing the "mention" and "configurationId" fields, which allowed them...