
2870 matches found

OSV
added 2026/03/19 8:39 p.m. | 2 views

CVE-2026-27454 Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The display_post method called post.revert_to directly without verifying whether the revision was hidde...

CVSS 5.3 | AI score 5.9 | EPSS 0.00388
Exploits: 0 | References: 6
CVE
added 2026/03/19 8:29 p.m. | 7 views

CVE-2026-27166

CVE-2026-27166 (Discourse): Vulnerability in the default Codepen iframe handling where insufficient cleanup allowed an attacker to cause a user to change the main page URL. Affected software: Discourse before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause: improper filtering/clea...

CVSS 5.4 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/19 8:29 p.m. | 21 views

CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 | EPSS 0.00187
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 8:29 p.m. | 5 views

CVE-2026-27166

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/03/19 8:29 p.m. | 3 views

EUVD-2026-13187

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/19 8:29 p.m. | 2 views

CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2
OSV
added 2026/03/19 8:29 p.m. | 6 views

CVE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

CVSS 4.1 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/19 12:00 a.m. | 8 views

PT-2026-26424

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. The /private-posts API endpoint did not apply post-type...

CVSS 6.5 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/19 12:00 a.m. | 1 views

PT-2026-26379

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/19 12:00 a.m. | 5 views

PT-2026-26341

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...

CVSS 5.4 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/19 12:00 a.m. | 4 views

PT-2026-26361

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse, an open-source discussion platform, is affected by a cross-site scripting issue. The system improper...

CVSS 6.1 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 13
Positive Technologies
added 2026/03/19 12:00 a.m. | 3 views

PT-2026-26358

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00388
Exploits: 0 | References: 9
Positive Technologies
added 2026/03/19 12:00 a.m. | 4 views

PT-2026-26426

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. The Post Edits admin report, accessible via the...

CVSS 2.7 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/19 12:00 a.m. | 3 views

PT-2026-26370

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse, an open-source discussion platform, is affected by an information disclosure issue. A lack of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/19 12:00 a.m. | 6 views

PT-2026-26425

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. The allowed spam host domains check utilized String#end_with?...

CVSS 4.3 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/19 12:00 a.m. | 4 views

PT-2026-26371

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

CVSS 6.9 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 9
Positive Technologies
added 2026/03/19 12:00 a.m. | 3 views

PT-2026-26433

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. The discourse-graphviz plugin contains a stored cross-site...

CVSS 5.4 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/19 12:00 a.m. | 5 views

PT-2026-26360

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, t...

CVSS 6.1 | AI score 5.8 | EPSS 0.00347
Exploits: 0 | References: 8
CNNVD
added 2026/03/19 12:00 a.m. | 4 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...

CVSS 5.4 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 2
CNNVD
added 2026/03/19 12:00 a.m. | 5 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Discourse versions prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security vulnerabilitie...

CVSS 5.3 | AI score 5.8 | EPSS 0.00388
Exploits: 0 | References: 4