duck-organization Quest Bot Vulnerabilities
Duck-organization Quest-bot vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Quest Bot: AutoMod removal can delete rules from another guild by global rule ID
CVE-2026-47189Duck-organizationQuest-bot8.3HIGHQuest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.
CVE-2026-47188Duck-organizationQuest-bot2.3LOWQuest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel
CVE-2026-47177Duck-organizationQuest-bot5.7MEDIUMQuest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel
CVE-2026-47176Duck-organizationQuest-bot5.7MEDIUMQuest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
CVE-2026-47175Duck-organizationQuest-bot2.3LOWQuest Bot: Ticket reason allows mass-mention injection
CVE-2026-47173Duck-organizationQuest-bot6.3MEDIUMQuest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.
CVE-2026-47172Duck-organizationQuest-bot9.5CRITICALQuest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`
CVE-2026-47171Duck-organizationQuest-bot8.8HIGHQuest Bot: Unprivileged users can create and remove AutoMod rules.
CVE-2026-47163Duck-organizationQuest-bot7.2HIGHQuest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts
CVE-2026-47169Duck-organizationQuest-bot7.5HIGH