Lucene search
K

493 matches found

OSV
OSV
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026.3.0,...

6.9CVSS5.9AI score0.0027EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.7 views

CVE-2026-33423

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.5 views

CVE-2026-30891

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-27936

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

6.9CVSS5.8AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.6 views

CVE-2026-27491

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the...

6.9CVSS5.8AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-33428

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

7.1CVSS5.8AI score0.00274EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/24 12:0 a.m.4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17479)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...

6.5CVSS5.7AI score0.00224EPSS
Exploits0
NVD
NVD
added 2026/03/21 12:16 a.m.9 views

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

3.8CVSS0.0016EPSS
Exploits0References1
NVD
NVD
added 2026/03/21 12:16 a.m.4 views

CVE-2026-33427

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions...

7.5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 11:21 p.m.25 views

CVE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions...

7.1CVSS0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 11:20 p.m.5 views

EUVD-2026-13910

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions...

6.9CVSS5.8AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 11:20 p.m.27 views

CVE-2026-33427 Discourse Authorization Page Displays Unvalidated Redirect Domain

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions...

6.9CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 11:20 p.m.14 views

CVE-2026-33427

Discourse is affected by CVE-2026-33427. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker could cause a legitimate Discourse authorization page to display an attacker-controlled domain, enabling social engineering. A patch is included in 2026.3.0-latest.1, 20...

7.5CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/20 11:16 p.m.5 views

CVE-2026-33291

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.4CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 11:16 p.m.6 views

CVE-2026-33411

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:14 p.m.5 views

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

3.5CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 11:14 p.m.4 views

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

3.5CVSS5.8AI score0.0016EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 11:14 p.m.25 views

CVE-2026-33426

CVE-2026-33426 affects Discourse. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 , users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they could not see those tags. A patch is included in versions 2026.3.0-latest.1, 2026....

3.8CVSS5.8AI score0.0016EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder