duck-organization Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by duck-organization
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Duck Site: Untrusted pull request code can trigger privileged production deployment
CVE-2026-47174Duck-organizationDuck-site9.5CRITICALQuest Bot: AutoMod removal can delete rules from another guild by global rule ID
CVE-2026-47189Duck-organizationQuest-bot8.3HIGHQuest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
CVE-2026-47172Duck-organizationQuest-bot9.5CRITICALQuest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`
CVE-2026-47171Duck-organizationQuest-bot8.8HIGHQuest Bot: Unprivileged users can create and remove AutoMod rules.
CVE-2026-47163Duck-organizationQuest-bot7.2HIGHQuest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts
CVE-2026-47169Duck-organizationQuest-bot7.5HIGH