Lucene search
K

2875 matches found

CVE
CVE
added 2026/03/20 11:6 p.m.44 views

CVE-2026-33423

CVE-2026-33423 affects the Discourse platform. Before patches, staff could modify any user’s group notification level. A fix exists in versions 2026.3.0-latest.1 , 2026.2.1 , and 2026.1.2 ; these versions contain a patch. No workarounds are provided.

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 11:6 p.m.2 views

CVE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 11:6 p.m.4 views

CVE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:4 p.m.2 views

CVE-2026-33422

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...

3.5CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 11:4 p.m.4 views

CVE-2026-33422 Discourse exposes ip_address of flagged user

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...

3.5CVSS5.8AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 11:4 p.m.4 views

EUVD-2026-13900

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...

3.5CVSS5.8AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 11:4 p.m.8 views

CVE-2026-33422

Discourse has a vulnerability where the ip_address of a flagged user is exposed to users who can access the review queue. Affected versions are prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The issue is mitigated in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 via a patch. No workarounds are l...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 11:4 p.m.24 views

CVE-2026-33422 Discourse exposes ip_address of flagged user

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...

3.5CVSS0.00284EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 11:4 p.m.5 views

CVE-2026-33422 Discourse exposes ip_address of flagged user

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...

3.5CVSS5.9AI score0.00284EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 10:58 p.m.4 views

EUVD-2026-13898

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 10:58 p.m.10 views

CVE-2026-33411

Discourse is affected by CVE-2026-33411, a stored XSS in topic titles for the solved posts stream. The issue exists in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. A patch is available in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Remediation guidance includes enabling a Content S...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:58 p.m.25 views

CVE-2026-33411 Discourse's solved topic stream has potential stored XSS in topic title

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:58 p.m.2 views

CVE-2026-33411

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 10:58 p.m.3 views

CVE-2026-33411 Discourse's solved topic stream has potential stored XSS in topic title

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 10:58 p.m.3 views

CVE-2026-33411 Discourse's solved topic stream has potential stored XSS in topic title

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 10:56 p.m.8 views

EUVD-2026-13896

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 10:56 p.m.2 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:56 p.m.4 views

CVE-2026-33291

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:56 p.m.21 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 10:56 p.m.15 views

CVE-2026-33291

The CVE concerns Discourse (with the Zendesk plugin) where moderators can create Zendesk tickets for topics they are not allowed to view. Affected versions are prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The published fixes are included in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, respec...

5.4CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder