Cog Creators
Products
2- 4 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26249 | Hig | 0.43 | 7.7 | 0.01 | Dec 9, 2020 | Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code… | ||
| CVE-2020-15278 | Hig | 0.43 | 7.7 | 0.01 | Oct 28, 2020 | Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that… | ||
| CVE-2024-39905 | Med | 0.27 | 5.3 | 0.00 | Jul 11, 2024 | Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to… | ||
| CVE-2020-15147 | Hig | 0.00 | 8.5 | 0.02 | Aug 21, 2020 | Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit,… | ||
| CVE-2020-15140 | Hig | 0.00 | 8.2 | 0.01 | Aug 21, 2020 | In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform… |
- risk 0.43cvss 7.7epss 0.01
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code…
- risk 0.43cvss 7.7epss 0.01
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that…
- risk 0.27cvss 5.3epss 0.00
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the `@commands.can_manage_channel()` command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to…
- risk 0.00cvss 8.5epss 0.02
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit,…
- risk 0.00cvss 8.2epss 0.01
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform…