Lucene search
+L

504 matches found

Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.9 views

PT-2026-26710

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Users with tag-editing permissions could modify and create...

3.8CVSS5.9AI score0.0016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26715

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions...

6.9CVSS5.8AI score0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates when the ipaddress of a tagged user is exposed to any user...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.10 views

PT-2026-26543

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The ComposerControllermentions API endpoint reveals hidden gro...

5.3CVSS6AI score0.00179EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.9 views

PT-2026-26704

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Moderators can create Zendesk tickets for topics they do not...

5.4CVSS5.9AI score0.00196EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 11:16 p.m.8 views

CVE-2026-33408

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds a...

2.7CVSS0.00277EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 10:35 p.m.4 views

CVE-2026-33408 Discourse has Improper Authorization in "Post Edits" Report For Moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds a...

2.2CVSS5.8AI score0.00277EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 10:33 p.m.4 views

CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

4.4CVSS5.7AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 10:33 p.m.7 views

CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

4.4CVSS5.9AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/03/19 10:16 p.m.7 views

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

6.5CVSS0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 10:16 p.m.13 views

CVE-2026-27936

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

6.9CVSS0.00306EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 10:16 p.m.5 views

CVE-2026-27934

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...

8.7CVSS0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 10:6 p.m.6 views

EUVD-2026-13340

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.3 views

CVE-2026-33394

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/19 10:4 p.m.4 views

EUVD-2026-13338

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 9:52 p.m.4 views

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 9:49 p.m.22 views

CVE-2026-29072 Discourse missing permission check for policy creation in discourse-policy

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, an...

8.2CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 9:49 p.m.16 views

CVE-2026-29072

CVE-2026-29072 affects Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where users not in the allowed policy creation groups could create functional policy acceptance widgets in posts under certain conditions. The root cause is a flaw in policy widget creation permissions that allow...

8.2CVSS5.7AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 9:33 p.m.3 views

CVE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 9:17 p.m.12 views

CVE-2026-27491

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the...

6.9CVSS0.00326EPSS
Exploits0References4
Rows per page
Query Builder