Vulnerabilities in duck-organization
16 results

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-47171 | HIGH | Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here` | 0.3% |
| CVE-2026-47172 | CRITICAL | Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment. | 0.3% |
| CVE-2026-47174 | CRITICAL | Duck Site: Untrusted pull request code can trigger privileged production deployment | 0.3% |
| CVE-2026-47189 | HIGH | Quest Bot: AutoMod removal can delete rules from another guild by global rule ID | 0.3% |
| CVE-2026-47173 | MEDIUM | Quest Bot: Ticket reason allows mass-mention injection | 0.3% |
| CVE-2026-48485 | LOW | Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`. | 0.3% |
| CVE-2026-47177 | MEDIUM | Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel | 0.3% |
| CVE-2026-47176 | MEDIUM | Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel | 0.3% |
| CVE-2026-47169 | HIGH | Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts | 0.2% |
| CVE-2026-47196 | HIGH | Quest Bot: Empty automod rule causes every guild message to be deleted | 0.2% |
| CVE-2026-47188 | LOW | Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions. | 0.2% |
| CVE-2026-47175 | LOW | Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings | 0.2% |
| CVE-2026-49347 | MEDIUM | Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown | 0.2% |
| CVE-2026-47197 | HIGH | Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands | 0.2% |
| CVE-2026-47163 | HIGH | Quest Bot: Unprivileged users can create and remove AutoMod rules. | 0.2% |
| CVE-2026-47195 | HIGH | Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands. | 0.2% |