CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2026/06/05 7:31 p.m.•6 views

CVE-2026-33514

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS5.3AI score0.0025EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41764

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description An authenticated user on an instance with the form templates feature enabl...

6CVSS5.7AI score0.0025EPSS

Exploits0References9

OSV•added 2026/04/07 8:44 a.m.•7 views

BIT-DISCOURSE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were not authorized to view. Insufficient access control...

5.1CVSS5.7AI score0.00188EPSS

Exploits0References3

NVD•added 2026/03/31 6:16 p.m.•3 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.4CVSS0.00153EPSS

Exploits0References2

CVE•added 2026/03/31 5:42 p.m.•5 views

CVE-2026-33415

CVE-2026-33415 affects Discourse before fixed versions: 2026.1.3, 2026.2.2, and 2026.3.0. An authenticated moderator-level user could bypass category permissions via an insufficiently protected sentiment analytics endpoint, enabling retrieval of post contents, topic titles, and usernames from cat...

5.1CVSS5.7AI score0.00188EPSS

Exploits0References2Affected Software1

OSV•added 2026/03/30 5:49 p.m.•3 views

GHSA-73GR-R64Q-7JH4 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

Summary The categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is entirely skipped, exposing all non-private categories including those restrict...

5.3CVSS5.8AI score0.00319EPSS

Exploits1References4

Github Security Blog•added 2026/03/30 5:49 p.m.•4 views

AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

5.3CVSS5.8AI score0.00319EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/03/27 6:11 p.m.•20 views

CVE-2026-34364 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is...

5.3CVSS0.00319EPSS

Exploits1References2

OSV•added 2026/03/27 6:11 p.m.•1 views

CVE-2026-34364 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

5.3CVSS5.8AI score0.00319EPSS

Exploits1References4

OSV•added 2026/03/03 1:29 p.m.•3 views

BIT-DISCOURSE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS

Exploits0References2

Positive Technologies•added 2022/04/14 12:0 a.m.•2 views

PT-2022-16925 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the...

5.3CVSS4.4AI score0.00612EPSS

Exploits0References7

CNNVD•added 2022/04/14 12:0 a.m.•2 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that any user with access to a category can view the category's group...

5.3CVSS5.1AI score0.00612EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by