Lucene search
K

502 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32273

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 6:16 p.m.3 views

CVE-2026-33415

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 6:16 p.m.5 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

6.5CVSS0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:42 p.m.4 views

EUVD-2026-17574

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:42 p.m.10 views

CVE-2026-33415

CVE-2026-33415 affects Discourse before fixed versions: 2026.1.3, 2026.2.2, and 2026.3.0. An authenticated moderator-level user could bypass category permissions via an insufficiently protected sentiment analytics endpoint, enabling retrieval of post contents, topic titles, and usernames from cat...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:42 p.m.3 views

CVE-2026-33415

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 5:42 p.m.4 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.8AI score0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 5:41 p.m.10 views

EUVD-2026-17571

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 5:41 p.m.27 views

CVE-2026-33074 Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher...

6.3CVSS0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:41 p.m.3 views

EUVD-2026-17569

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher...

6.3CVSS5.7AI score0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:41 p.m.1 views

CVE-2026-32951

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 5:40 p.m.6 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 5:40 p.m.28 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:40 p.m.5 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:40 p.m.3 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

2.1CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.1 views

CVE-2026-32273

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:39 p.m.3 views

EUVD-2026-17546

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

5CVSS5.7AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.2 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:39 p.m.4 views

EUVD-2026-17548

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:39 p.m.15 views

CVE-2026-32113

Summary: CVE-2026-32113 affects Discourse, where the enter action in StaticController can read the sso_destination_url cookie and redirect to that URL with allow_other_host: true without validating the destination. This creates an open-redirect risk when SSO cookies are client-controlled. Affecte...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder