Zephyrkul

**Name of the Vulnerable Software and Affected Versions** tmerc-cogs versions prior to commit 92325be650a6c17940cc52611797533ed95dbbe1 **Description** A vulnerability has been found in the tmerc-cogs code for the Red Discord bot, allowing any user to access sensitive information by crafting a specific MassDM message. **Recommendations** For versions prior to commit 92325be650a6c17940cc52611797533ed95dbbe1, update to the current commit to resolve the issue. As a temporary workaround, consider unloading the MassDM cog or globally disabling the `[p]massdm` command until the update is applied.

**Name of the Vulnerable Software and Affected Versions** tmerc-cogs (affected versions not specified) **Description** A vulnerability has been found in the tmerc-cogs code for the Red Discord bot, allowing any user to access sensitive information by crafting a specific membership event message. **Recommendations** As a temporary workaround, users may unload the Welcome cog. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Discord Bot Act module versions prior to commit 6b9f3b86 **Description** The issue allows Discord users to send specially crafted messages, potentially leading to destructive actions and unauthorized access to sensitive information. This is due to a Remote Code Execution flaw. **Recommendations** For versions prior to commit 6b9f3b86, as a temporary workaround, consider unloading the Act module with `unload act` until a patch is available.