CVE-2024-39905
- EPSS 0.29%
- Veröffentlicht 11.07.2024 16:15:05
- Zuletzt bearbeitet 21.11.2024 09:28:32
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user do...
CVE-2020-15278
- EPSS 0.26%
- Veröffentlicht 28.10.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:05:15
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific c...
CVE-2020-15147
- EPSS 2.36%
- Veröffentlicht 21.08.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:04:56
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live mess...
CVE-2020-15140
- EPSS 0.28%
- Veröffentlicht 21.08.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:04:55
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this explo...