Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2870 matches found

EUVD
EUVDadded 2026/03/20 10:56 p.m.4 views

EUVD-2026-13896

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CVE
CVEadded 2026/03/20 10:52 p.m.6 views

CVE-2026-33251

Discourse has an authorization bypass vulnerability affecting hidden Solved topics. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthorized users could accept or unaccept solutions. A patch exists in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Workaround: ensure only trusted users ...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/20 10:52 p.m.2 views

CVE-2026-33251 Discourse has a Hidden Solved topics permission bypass

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/20 10:52 p.m.3 views

EUVD-2026-13895

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/20 10:52 p.m.1 views

CVE-2026-33251

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/20 10:52 p.m.23 views

CVE-2026-33251 Discourse has a Hidden Solved topics permission bypass

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a...

5.4CVSS0.00155EPSS
Exploits0References1
OSV
OSVadded 2026/03/20 10:52 p.m.3 views

CVE-2026-33251 Discourse has a Hidden Solved topics permission bypass

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a...

5.4CVSS5.9AI score0.00155EPSS
Exploits0References3
NVD
NVDadded 2026/03/20 3:15 a.m.5 views

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS0.00278EPSS
Exploits0References1
NVD
NVDadded 2026/03/20 3:15 a.m.1 views

CVE-2026-31805

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

8.2CVSS0.00215EPSS
Exploits0References2
NVD
NVDadded 2026/03/20 3:15 a.m.3 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS0.00179EPSS
Exploits0References1
NVD
NVDadded 2026/03/20 3:15 a.m.3 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.5CVSS0.00213EPSS
Exploits0References1
CVE
CVEadded 2026/03/20 3:13 a.m.7 views

CVE-2026-32114

Discourse (open‑source discussion platform) contains an Insecure Direct Object Reference (IDOR) vulnerability. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, any authenticated user can access metadata about AI personas, features, and LLM models by supplying their identifiers. This m...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/20 3:13 a.m.1 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
OSV
OSVadded 2026/03/20 3:13 a.m.2 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/20 3:13 a.m.4 views

EUVD-2026-13526

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/20 3:13 a.m.20 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS0.00211EPSS
Exploits0References1
CVE
CVEadded 2026/03/20 3:10 a.m.7 views

CVE-2026-31869

Product/impact: Discourse, an open-source discussion platform, is affected by CVE-2026-31869 prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause: The ComposerController#mentions endpoint can reveal hidden group membership to any authenticated user who can message the group by ...

5.3CVSS6AI score0.00179EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/20 3:10 a.m.1 views

CVE-2026-31869

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/03/20 3:10 a.m.2 views

EUVD-2026-13496

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/20 3:10 a.m.1 views

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

5.3CVSS6AI score0.00179EPSS
Exploits0References1
Rows per page
Query Builder