Lucene search
K

2875 matches found

EUVD
EUVD
added 2026/04/03 9:27 p.m.2 views

EUVD-2026-18882

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 9:27 p.m.23 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 9:27 p.m.3 views

EUVD-2026-18866

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 9:27 p.m.2 views

CVE-2026-27481 Discourse: Hidden tag visibility bypass on tag routes

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:27 p.m.4 views

CVE-2026-27481

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/03 9:27 p.m.27 views

CVE-2026-27481 Discourse: Hidden tag visibility bypass on tag routes

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse from 2026.1.0-latest to 2026.1.3, from 2026.2.0-latest to 2026.2.2, and from 2026.3.0-latest to 2026.3....

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30241

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.15 views

PT-2026-30244

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.3, 2026.2.2, and 2026.3.0 contained a vulnerability related to information leakage. Thi...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.4 views

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.5 views

CVE-2026-33073

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...

5.3CVSS5.7AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.2 views

CVE-2026-32619

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS5.8AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.3 views

CVE-2026-33074

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher...

6.3CVSS5.7AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32243

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

6.1CVSS5.9AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32618

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32113

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32620

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.7 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder