Lucene search
+L

254 matches found

CVE
CVE
added 2026/03/31 5:41 p.m.19 views

CVE-2026-32620

Summary: CVE-2026-32620 affects Discourse. From 2026.1.0-latest up to before 2026.1.3, 2026.2.0-latest up to before 2026.2.2, and 2026.3.0-latest up to before 2026.3.0, non-staff users could access read receipt metadata for staff-only posts they were not supposed to see. No post content was expos...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/31 5:41 p.m.5 views

EUVD-2026-17559

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:40 p.m.8 views

EUVD-2026-17552

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

2.1CVSS5.8AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 5:39 p.m.4 views

CVE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

5.3CVSS6AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 5:39 p.m.30 views

CVE-2026-32113 Discourse: Open redirect via `sso_destination_url` cookie in `enter`

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

5CVSS0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 5:39 p.m.26 views

CVE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.15 views

Discourse 代码问题漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a code issue vulnerability that can be exploited by an attacker to cause the server to initiate outbound connectio...

5.3CVSS6AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 7:11 a.m.15 views

BIT-DISCOURSE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions 2026.3.0,...

7.1CVSS5.9AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.1 views

BIT-DISCOURSE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership group and...

5.3CVSS6AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.7 views

BIT-DISCOURSE-2026-27936 Discourse discloses restricted post-action counts to non-privileged users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...

6.9CVSS5.8AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-DISCOURSE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 2026.3.0...

8.7CVSS5.9AI score0.00254EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:9 a.m.3 views

BIT-DISCOURSE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a...

6.1CVSS5.8AI score0.00347EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.17 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.5CVSS5.7AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32114

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.7 views

CVE-2026-32099

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.7 views

CVE-2026-27935

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-33424

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...

5.9CVSS5.8AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/24 12:0 a.m.4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17272)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from a post edit management report disclosing the first 40...

2.7CVSS5.8AI score0.00293EPSS
Exploits0
CNVD
CNVD
added 2026/03/24 12:0 a.m.6 views

Unspecified vulnerability in Discourse (CNVD-2026-17481)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability due to an overly broad authorization check on the deleted post index endpoint, which can ...

7.1CVSS5.8AI score0.00274EPSS
Exploits0
Rows per page
Query Builder