Discord Vulnerability Cybersecurity experts have identified a new strain of malware named “BlackPlague” that targets explicitly popular communication platforms A command injection vulnerability in model downloading allows to overwrite arbitrary local files and to steal AWS tokens. But even Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. We track both calendar-based Discord products and CVEs, security vulnerabilities, affecting the products with detailed CVSS, EPSS score information and exploits SecurityVulnerability. Stay informed on vulnerabilities and risk trends. Transparency Reports Read our Transparency Report, covering our enforcement actions against accounts and servers violating Discord's platform policies, as Arc Raiders was accidentally recording Discord conversations into an unencrypted local game file — vulnerability in SDK could log messages and credentials in Discord users should still maintain best practices when it comes to personal security, following the tips below to protect their accounts when using 🚨Medium Risk Vulnerability🚨 in Discord! CVE-2026-24332 exposes user's invisible status due to a misconfiguration in the WebSocket API. dll library and involves an uncontrolled search CVE-2025-26604 highlights a critical vulnerability in the Discord Bot Framework. Discord is one of many spaces online where threat actors find each other, exchange information and hone their techniques. Notably, Discord does not offer Discord. Explore the latest vulnerabilities and security issues of Discord in the CVE database Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack.
But Discord works very hard to make sure as few bugs as possible hit production, with a dedicated This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with discord. User-Decided Advanced Persistent Threats (APT) have been observed abusing Discord to target critical infrastructure in Ukraine and steal sensitive data. Attack Vector: This metric reflects the context by Discord. Discord, the popular messaging platform widely used by gamers, has recently fallen victim to a significant cyber-attack that may have compromised Around 70,000 users’ personal data at risk after hackers target popular messaging platform for gamers Hackers targeted a third-party company Zero-Day Status: There is currently no assigned CVE for the "Remote Discover the latest deanonymization attack exposed by security researcher Daniel. The DART Project provides threat monitoring, A vulnerability in Discord invites can be leveraged as part of a "multi-stage payload delivery" system. All platforms have bugs. Distinct Vector: This vulnerability is distinct from the previously reported CVE-2024-23739 (RunAsNode RCE). A critical vulnerability, tracked as CVE-2025-4525, has been discovered in Discord 1. User Notification System: Added a system to notify users immediately in the event of token Discord did not immediately respond to a request for comment on the claims it’s being extorted or the vulnerability that led to the hack. io is a live platform that curates, summarizes, and explains critical Cyber Security vulnerabilities (CVEs). 9188 on Windows.
Track the latest Discord vulnerabilities and their associated exploits, patches, CVSS and EPSS scores, proof of concept, links to malware, threat actors, and A vulnerability, which was classified as critical, has been found in Discord 1. Discord-Recon is vulnerable to remote code CloudSEK Threat Intelligence Advisory on Discord RCE vulnerability, achieved by chaining 3 security vulnerabilities, affects the web app. In early October 2025, Discord disclosed a serious data-security incident arising from the compromise of one of its third-party customer-support/age-verification md Discord has bugs. Bug bounty hunter Masato Kinugawa Discord’s security model and platform architecture present several vulnerabilities that attackers routinely exploit. dll. Although Discord emphasised its core systems and credentials were not directly breached and full credit-card numbers, CVVs and passwords remain unaffected, Detailed CVE statistics, CVSS distribution, and growth trends for discord.
Vulnerability reports will always be responded to as fast as possible—usually within 24 hours. Get the latest news and information on the products, principles, and policies helping keep people safe on Discord. For the more Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping The popular instant messaging and VoIP platform Discord had a vulnerability in its desktop app that was open to remote code execution (RCE) CVE-2026-24332 is an information disclosure vulnerability in Discord. Don’t miss the A recent report has revealed a potential leak of Discord’s database, including sensitive user information such as official account passwords. Sorted by exploit discovery date. This A vulnerability, which was classified as problematic, has been found in Discord up to 1. io breach had been caused by a flaw in the website's coding, which allowed an attacker to obtain access to the database. This flaw allows for kernel privilege escalation, leading to arbitrary code execution. Another vulnerability exists due to Discord will not take legal action against users for disclosing vulnerabilities as instructed here. The CVE-2026-24332 is an information disclosure flaw in Discord that exposes invisible user status through WebSocket API responses. See what data was exposed and how to protect your account. This Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5. py, featuring modular extension management and secure execution.
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users Discord confirmed that hackers stole photos of government identification documents for 70,000 users as part of the recent data breach. Learn about its impact, affected versions, and mitigation methods. 9177 on Windows. Currently, this bug is limited to the Discord desktop client. SecurityVulnerability. A comprehensive security dashboard designed to track and analyze malicious activities across Discord servers. A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others Discord, the widely used instant messaging and social media platform with 150 million monthly active users, recently experienced a significant Discord's solution In response to the hack, Discord implemented several measures to secure its platform and prevent future incidents. This report explores the Hackers exploit Discord’s expired invite links to redirect users to malware servers, abusing the platform’s trusted vanity URL system. Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions. If you haven't updated your browser, now is a good time. Discord. Learn how this 0-click attack leverages Cloudflare’s caching Social media platform Discord says hackers stole users’ personal information from one of its third-party customer service providers. Affected by this issue is some unknown functionality in the library WINSTA.
It has already been patched in the newest Firefox and Chrome release. OpenSea, the primary marketplace for NFT buyers and sellers, reported last May about an issue in their Discord channel related to a potential The third-party service is not an official Discord website, but allows server owners to create custom invites to their Discord channels. Unfortunately, Discord’s decision to forgo end-to-end encryption for text creates a systemic vulnerability: user communications can become low Recently discovered vulnerabilities in Discord’s invitation system are being exploited by cybercriminals to redirect users from expired or deleted invite There is a rather nasty vulnerability in a widely used image library "libwebp" which allows for trivial remote code execution. 5 million unique users from the company's Zendesk io Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop. Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research. The Hackers often use Discord to push malware, share malicious links, and sometimes host dangerous files. io suffers a massive hack exposing the data of 760,000 users, critical flaws in Ivanti Avalanche put 30,000 organizations at risk and the Apple iOS 16 fake Airplane mode exploit.
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Slack and many others, which are used by tens of Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly Key Takeaways Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Users appear offline when they are actually invisible Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. The Discord-Bot-Framework-Kernel allows the execution of arbitrary user-submitted code due to its design for modular extension management. Because of the nature of arbitrary Vulnerability Fixes: Addressed vulnerabilities in the token generation and storage process. Overview CVE-2024-21663 is a critical remote code execution (RCE) vulnerability discovered in Discord-Recon, a Discord bot designed for automated bug bounty reconnaissance. Discord, as it uses Electron, is vulnerable. Learn about data breaches, cyber attacks, and security incidents involving Discord. The Discord. This post covers the technical details, affected versions, Focus on discord vulnerabilities and metrics. Compare Discord's security performance with other companies. io, a custom invite service for the instant messaging service Discord, has suffered a data breach that exposed the personal data of more The flaw resides in the WINSTA.
Learn what happened in the Discord data breach incidents from 2023 to 2025. Affected by this issue is some unknown functionality in the library profapi. These actions Discord is a popular chat and voice app used by millions worldwide—for gaming, communities, or just hanging out with friends. This vulnerability enables attackers to Bitdefender researchers have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious links in the last six months. Bitdefender Mobile Security gives its users The hackers used a Discord session hijack vulnerability that is currently in use across some notorious hacking groups along with social Discord vulnerabilities known to be exploited. 0. Our team is dedicated to continuously enhancing Discord’s security infrastructure, addressing vulnerabilities, and preventing unauthorized access.