These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-47189 is a HIGH-severity vulnerability in Quest Bot, an open-source modern Discord Bot. The AutoMod remove flow can be exploited to remove rules from a guild where the attacker has Manage Server permissions, by learning the victim guild's AutoMod rule ID through autocomplete. This issue has been patched in version 1.0.5.
CVE-2026-47188 is a low-severity vulnerability in Quest Bot, a Discord bot, that allows moderators to send mass pings using the /unban and /unwarn commands. The vulnerability exists because the bot echoes user-controlled reason text in public bot messages without properly handling allowedMentions. This allows a moderator to use @everyone or @here in the reason and make the bot send a mass ping. The issue [truncated]
CVE-2026-47177 is a MEDIUM severity vulnerability in Quest Bot, an open-source Discord Bot. A user with bot settings configuration permissions can set the bot's ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it to that configured transcript channel. This can expose private ticket messages to users who could not read the orig [truncated]
CVE-2026-47176 is a sensitive information disclosure vulnerability in Quest Bot, a modern Discord Bot built for moderation, utilities, and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user ca [truncated]
CVE-2026-47175 is a low-severity vulnerability in Quest Bot, an open-source Discord bot. The bot echoes user-controlled reason text in public replies without disabling mention parsing. This allows a moderator without permission to mention everyone to make the bot send @everyone or @here if the bot has that permission. The issue was patched in version 1.0.4.
CVE-2026-47174 is a critical vulnerability in Duck Site, a software product with an unknown vendor. The vulnerability has a CVSS score of 9.5 and a severity of CRITICAL. The issue arises from the deploy workflow in Duck Site, which runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. An atta [truncated]
CVE-2026-47173 is a vulnerability in Quest Bot, an open-source modern Discord Bot. A normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason into the new ticket channel without suppressing mentions. If the bot has permission to use those mentions, the attacker can make the bot ping [truncated]
CVE-2026-47172 is a CRITICAL vulnerability in Quest Bot, an open-source Discord bot. The vulnerability allows for remote code execution due to a privileged deploy workflow that runs after an unprivileged build workflow, potentially allowing an attacker to deploy a malicious container and compromise the production bot. This issue has been patched in version 1.0.3.
CVE-2026-47171 is a high-severity vulnerability in Quest Bot, a Discord bot, allowing normal users to create reminders that trigger mass mentions, potentially pinging the entire server or channel. This issue was patched in version 1.0.3.
CVE-2026-47169 is a HIGH severity vulnerability in Quest Bot, an open-source Discord bot. A user with Manage Server permissions, but without Manage Roles or Administrator, can exploit the AutoRole feature to assign an arbitrary role to new members. If the selected role has Administrator and is below the bot's highest role, the attacker can join with a controlled account and receive full server admin. This [truncated]
CVE-2026-47163 is a high-severity vulnerability in Quest Bot, a Discord bot, allowing unauthorized guild members to manage AutoMod rules, potentially leading to message deletion. The vulnerability has a CVSS score of 7.2 and was patched in version 1.0.1.