CVE ID :CVE-2026-47172 Published : June 11, 2026, 7:16 p.m. | 1 hour, 48 minutes ago Description :Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-47172 - Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

VERWANDTEARTIKEL

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

CVE-2026-49973 - Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings

CVE-2026-46489 - SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo

CVE-2026-46622 - SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach

CVE-2026-45175 - Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes

CVE-2026-53819 - OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override