Lucene search
K

730 matches found

OSV
OSV
added 6 days ago4 views

RHSA-2026:36796 Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update

Bulletin has no description...

9.1CVSS6.8AI score0.01557EPSS
Exploits3References167
NVD
NVD
added 2026/07/08 12:17 p.m.9 views

CVE-2026-6230

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 11:30 a.m.6 views

EUVD-2026-42215

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 11:30 a.m.32 views

CVE-2026-6230 Tainacan <= 1.0.3 - Unauthenticated SQL Injection via 'geoquery' REST API Parameter

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 4:11 p.m.4 views

MAL-2026-6791 Malicious code in npm-show-date-proof-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884f2797ddf6247c906bb97e72b3c0891551b260980811d50c7211ab2ea0bbcf The package's postinstall.js runs on every npm install and collects the installer's username via whoami and os.userInfo, hostname os.hostname, platfo...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-525 rfc3161-client has insufficient verification for timestamp response signatures

Impact rfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...

9.3CVSS5.7AI score0.00147EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47172

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.15 views

CVE-2026-47171

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.15 views

CVE-2026-47173

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 6:29 p.m.10 views

EUVD-2026-36274

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS5.4AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:29 p.m.29 views

CVE-2026-47173 Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:29 p.m.11 views

CVE-2026-47173 Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS5.2AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 6:29 p.m.3 views

CVE-2026-47173 Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS5.9AI score0.00263EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 6:28 p.m.54 views

EUVD-2026-36300

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:28 p.m.20 views

CVE-2026-47172

Quest Bot (open-source Discord bot) contains a privilege escalation in the deploy workflow prior to v1.0.3. The repository’s privileged deploy workflow runs after the unprivileged build, and when a PR from a main branch is opened, the deploy workflow can check out the PR head_sha, build it into a...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:28 p.m.9 views

CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 6:28 p.m.10 views

EUVD-2026-36299

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS5.4AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:28 p.m.14 views

CVE-2026-47171

CVE-2026-47171 affects Quest Bot (Discord bot). The issue: before v1.0.3, a normal user can create a reminder whose message includes @everyone or @here; when triggered, the bot re-sends the message without suppressing mass mentions, enabling mass pinging if the bot has permission. Root cause: rem...

8.8CVSS5.4AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 6:28 p.m.3 views

CVE-2026-47171 Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 6:25 p.m.15 views

CVE-2026-47169

CVE-2026-47169 affects Quest Bot (Discord bot). Before v1.0.3, a user with Manage Server/ManageGuild but without Manage Roles or Admin can abuse AutoRole to grant an Administrator role to a new member if the role is below the bot’s highest role. This can lead to a controlled account gaining full ...

7.5CVSS5.5AI score0.00238EPSS
Exploits0References2
Rows per page
Query Builder