Lucene search
K

1279 matches found

CVE
CVE
added 2026/06/12 11:52 a.m.22 views

CVE-2026-47195

CVE-2026-47195 affects the Quest Bot (Discord bot). Prior to version 1.1.6, purge and slowmode commands check only guild-level permissions, not the invoking member’s channel-level permissions. A user without channel moderation rights could still delete messages or modify slowmode via the bot. The...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 11:52 a.m.32 views

CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 11:51 a.m.17 views

CVE-2026-47196

CVE-2026-47196 affects Quest Bot (open-source Discord bot). Before v1.1.6, the automod add command could create an empty rule when input is whitespace because it trims but does not reject an empty result; the message listener then checks content.includes("") which is always true, causing deletion...

8.4CVSS5.3AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 11:51 a.m.10 views

CVE-2026-47196 Quest Bot: Empty automod rule causes every guild message to be deleted

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.2AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 11:51 a.m.31 views

CVE-2026-47196 Quest Bot: Empty automod rule causes every guild message to be deleted

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48858

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48860

Name of the Vulnerable Software and Affected Versions Quest Bot versions prior to 1.1.6 Description A moderator possessing the necessary Discord permission bit can utilize the bot to perform moderation actions on users who are higher in the Discord role hierarchy, provided the bot itself has a...

7.2CVSS5.3AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-48861

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS5.3AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48862

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48859

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.3AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.8 views

CVE-2026-47188

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban and /unwarn still echo user-controlled reason text in public bot messages without allowedMentions. A...

2.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-47177

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47172

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47175

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...

2.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47173

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47171

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2026-47163

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...

7.2CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47169

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

7.5CVSS0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:31 p.m.9 views

CVE-2026-47189 Quest Bot: AutoMod removal can delete rules from another guild by global rule ID

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...

8.3CVSS5.4AI score0.00307EPSS
Exploits0References2
Rows per page
Query Builder