Lucene search
K

491 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 5:40 p.m.6 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 5:40 p.m.26 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:40 p.m.4 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:40 p.m.3 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

2.1CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.1 views

CVE-2026-32273

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:39 p.m.3 views

EUVD-2026-17546

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

5CVSS5.7AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.2 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:39 p.m.4 views

EUVD-2026-17548

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:39 p.m.14 views

CVE-2026-32113

Summary: CVE-2026-32113 affects Discourse, where the enter action in StaticController can read the sso_destination_url cookie and redirect to that URL with allow_other_host: true without validating the destination. This creates an open-redirect risk when SSO cookies are client-controlled. Affecte...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/31 5:39 p.m.13 views

CVE-2026-32143

Discourse exposes a CSV export vulnerability (CVE-2026-32143) where moderators could export data from admin-restricted reports, bypassing visibility controls. Affected versions include 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0. ...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.9 views

PT-2026-29308

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.3CVSS5.8AI score0.00153EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.15 views

PT-2026-29305

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

6.1CVSS5.9AI score0.00169EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Discourse 跨站脚本漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary HTML and JavaScript...

6.1CVSS5.8AI score0.00169EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 7:11 a.m.2 views

BIT-DISCOURSE-2026-33427 Discourse Authorization Page Displays Unvalidated Redirect Domain

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions 2026.3.0,...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.3 views

BIT-DISCOURSE-2026-33394 Discourse leaks PM post edits to moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access. Version...

2.7CVSS5.9AI score0.00293EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 7:10 a.m.6 views

BIT-DISCOURSE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. Th...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026.3.0,...

6.9CVSS5.9AI score0.0027EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-33423

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Rows per page
Query Builder