Discord vulnerability. Because of the nature of arbitrary Compare Discord's security performance with other companies. Overview CVE-2024-21663 is a critical remote code execution (RCE) vulnerability discovered in Discord-Recon, a Discord bot designed for automated bug bounty reconnaissance. A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Slack and many others, which are used by tens of Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly Key Takeaways Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. io is a live platform that curates, summarizes, and explains critical Cyber Security vulnerabilities (CVEs). All platforms have bugs. OpenSea, the primary marketplace for NFT buyers and sellers, reported last May about an issue in their Discord channel related to a potential The third-party service is not an official Discord website, but allows server owners to create custom invites to their Discord channels. But Discord works very hard to make sure as few bugs as possible hit production, with a dedicated This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions. This report explores the This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research. Discord-Recon is vulnerable to remote code CloudSEK Threat Intelligence Advisory on Discord RCE vulnerability, achieved by chaining 3 security vulnerabilities, affects the web app. 9177 on Windows. Notably, Discord does not offer Discord. 
These actions Discord is a popular chat and voice app used by millions worldwide—for gaming, communities, or just hanging out with friends. Because of the nature of arbitrary Vulnerability Fixes: Addressed vulnerabilities in the token generation and storage process. Learn how this 0-click attack leverages Cloudflare’s caching Social media platform Discord says hackers stole users’ personal information from one of its third-party customer service providers. This flaw allows for kernel privilege escalation, leading to arbitrary code execution. The DART Project provides threat monitoring, A vulnerability in Discord invites can be leveraged as part of a "multi-stage payload delivery" system. A comprehensive security dashboard designed to track and analyze malicious activities across Discord servers. Attack Vector: This metric reflects the context by Discord, the popular messaging platform widely used by gamers, has recently fallen victim to a significant cyber-attack that may have compromised Around 70,000 users’ personal data at risk after hackers target popular messaging platform for gamers Hackers targeted a third-party company 0. This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with discord. Explore the latest vulnerabilities and security issues of Discord in the CVE database Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack. We track both calendar-based Discord products and CVEs, security vulnerabilities, affecting the products with detailed CVSS, EPSS score information and exploits SecurityVulnerability. 
Hackers exploit Discord’s expired invite links to redirect users to malware servers, abusing the platform’s trusted vanity URL system. Get the latest news and information on the products, principles, and policies helping keep people safe on Discord. Distinct Vector: This vulnerability is distinct from the previously reported CVE-2024-23739 (RunAsNode RCE). If you haven't updated your browser, now is a good time. Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) The Discord. The flaw resides in the WINSTA. Discord-Recon is vulnerable to remote code Test your prompts and models with automated evaluations Secure your LLM apps with red teaming and vulnerability scanning Compare models side-by-side Although Discord emphasised its core systems and credentials were not directly breached and full credit-card numbers, CVVs and passwords remain unaffected, Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber Detailed CVE statistics, CVSS distribution, and growth trends for discord. This post covers the technical details, affected versions, Focus on discord vulnerabilities and metrics. Bitdefender Mobile Security gives its users The hackers used a Discord session hijack vulnerability that is currently in use across some notorious hacking groups along with social Discord vulnerabilities known to be exploited. 
User Notification System: Added a system to notify users immediately in the event of token Discord did not immediately respond to a request for comment on the claims it’s being extorted or the vulnerability that led to the hack. Discord, as it uses Electron, is vulnerable. py, featuring modular extension management and secure execution. Discord. Currently, this bug is limited to the Discord desktop client. Attack Vector: This metric reflects the context by Discord. This A critical vulnerability, tracked as CVE-2025-4525, has been discovered in Discord 1. The Discord-Bot-Framework-Kernel allows the execution of arbitrary user-submitted code due to its design for modular extension management. It has already been patched in the newest Firefox and Chrome release. Transparency Reports Read our Transparency Report, covering our enforcement actions against accounts and servers violating Discord's platform policies, as Arc Raiders was accidentally recording Discord conversations into an unencrypted local game file — vulnerability in SDK could log messages and credentials in Discord users should still maintain best practices when it comes to personal security, following the tips below to protect their accounts when using 🚨Medium Risk Vulnerability🚨 in Discord! CVE-2026-24332 exposes user's invisible status due to a misconfiguration in the WebSocket API. Learn about data breaches, cyber attacks, and security incidents involving Discord. For the more Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping The popular instant messaging and VoIP platform Discord had a vulnerability in its desktop app that was open to remote code execution (RCE) CVE-2026-24332 is an information disclosure vulnerability in Discord. 
Learn what happened in the Discord data breach incidents from 2023 to 2025. Users appear offline when they are actually invisible Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. Stay informed on vulnerabilities and risk trends. Don’t miss the A recent report has revealed a potential leak of Discord’s database, including sensitive user information such as official account passwords. dll library and involves an uncontrolled search CVE-2025-26604 highlights a critical vulnerability in the Discord Bot Framework. Cybersecurity experts have identified a new strain of malware named “BlackPlague” that targets explicitly popular communication platforms A command injection vulnerability in model downloading allows to overwrite arbitrary local files and to steal AWS tokens. A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others Discord, the widely used instant messaging and social media platform with 150 million monthly active users, recently experienced a significant Discord's solution In response to the hack, Discord implemented several measures to secure its platform and prevent future incidents. This vulnerability enables attackers to Bitdefender researchers have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious links in the last six months. But even Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. md Discord has bugs. dll. User-Decided Advanced Persistent Threats (APT) have been observed abusing Discord to target critical infrastructure in Ukraine and steal sensitive data. Affected by this issue is some unknown functionality in the library WINSTA. 
Another vulnerability exists due to Discord will not take legal action against users for disclosing vulnerabilities as instructed here. Vulnerability reports will always be responded to as fast as possible—usually within 24 hours. In early October 2025, Discord disclosed a serious data-security incident arising from the compromise of one of its third-party customer-support/age-verification Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber Affected by this issue is some unknown functionality in the library profapi. See what data was exposed and how to protect your account. io Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop . Explore the latest vulnerabilities and security issues of Discord in the CVE database Track the latest Discord vulnerabilities and their associated exploits, patches, CVSS and EPSS scores, proof of concept, links to malware, threat actors, and A vulnerability, which was classified as critical, has been found in Discord 1. This Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5. Discord is one of many spaces online where threat actors find each other, exchange information and hone their techniques. Sorted by exploit discovery date. 9188 on Windows. 
Unfortunately, Discord’s decision to forgo end-to-end encryption for text creates a systemic vulnerability: user communications can become low Recently discovered vulnerabilities in Discord’s invitation system are being exploited by cybercriminals to redirect users from expired or deleted invite There is a rather nasty vulnerability in a widely used image library "libwebp" which allows for trivial remote code execution. io, a custom invite service for the instant messaging service Discord, has suffered a data breach that exposed the personal data of more A vulnerability, which was classified as critical, has been found in Discord 1. io suffers a massive hack exposing the data of 760,000 users, critical flaws in Ivanti Avalanche put 30,000 organizations at risk and the Apple iOS 16 fake Airplane mode exploit. Zero-Day Status: There is currently no assigned CVE for the "Remote Discover the latest deanonymization attack exposed by security researcher Daniel. Our team is dedicated to continuously enhancing Discord’s security infrastructure, addressing vulnerabilities, and preventing unauthorized access. io breach had been caused by a flaw in the website's coding, which allowed an attacker to obtain access to the database. 5 million unique users from the company's Zendesk Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. The CVE-2026-24332 is an information disclosure flaw in Discord that exposes invisible user status through WebSocket API responses. Bug bounty hunter Masato Kinugawa Discord’s security model and platform architecture present several vulnerabilities that attackers routinely exploit. 
A vulnerability, which was classified as critical, has been found in Discord 1. SecurityVulnerability. Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users Discord confirmed that hackers stole photos of government identification documents for 70,000 users as part of the recent data breach. A vulnerability, which was classified as problematic, has been found in Discord up to 1. The Hackers often use Discord to push malware, share malicious links, and sometimes host dangerous files. Learn about its impact, affected versions, and mitigation methods.