Lucene search
K

12 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 11:6 p.m.3 views

CVE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 3:15 a.m.5 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:10 a.m.1 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.5 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 10:33 p.m.5 views

EUVD-2026-13402

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

4.4CVSS5.7AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:6 p.m.6 views

CVE-2026-33394

Discourse (open-source discussion platform) contains an information disclosure in Post Edits admin report: before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the report leaked the first 40 characters of raw post content from private messages and secure categories to moderators who should ...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:4 p.m.3 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:1 p.m.28 views

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS0.00414EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 9:17 p.m.11 views

CVE-2026-27491

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the...

6.9CVSS0.00326EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.12 views

PT-2026-26424

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The /private-posts API endpoint did not apply post-type...

6.5CVSS5.9AI score0.00414EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

Discourse 跨站脚本漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contained a cross-site scripting vulnerability. This vulnerability...

5.4CVSS5.7AI score0.00231EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...

6.9CVSS5.8AI score0.00326EPSS
Exploits0References5
Rows per page
Query Builder