2870 matches found

Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22184

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: A SQL injection issue exists in the PM tag filtering functionality list private messages tag of Discourse. This allows...

CVSS 7.1 | AI score 6 | EPSS 0.00226
Exploits: 0 | References: 8
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22183

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. Before versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint...

CVSS 6.9 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 8
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22188

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse, an open source discussion platform, had an issue where the posts nearby function was not properly filtering...

CVSS 7.1 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22175

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. A flaw exists in the ReviewableNotesController that allows for an...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 8
Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22187

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse, an open source discussion platform, had a flaw where a user could add targets who had blocked, ignored, or...

CVSS 5.3 | AI score 5.9 | EPSS 0.00158
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22176

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, Trust Level 4 TL4...

CVSS 2.7 | AI score 6 | EPSS 0.00168
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22195

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. A flaw exists in the Data Explorer plugin's access control mechanism...

CVSS 5.4 | AI score 6.3 | EPSS 0.00151
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22193

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. Prior to specific versions, moderators could export user Chat Direct...

CVSS 5.3 | AI score 5.9 | EPSS 0.00158
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22197

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse is an open source discussion platform. Trust Level 4 TL4 users could publish topics into staff-only categorie...

CVSS 5.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22194

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse, an open source discussion platform, contains a flaw where a user's full name can be interpreted as raw HTML...

CVSS 6.1 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22153

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0
Description: Discourse, an open source discussion platform, is susceptible to a security issue. When the patreon webhook secret site...

CVSS 7.5 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 9
CNNVD
added 2026/02/26 12:0 a.m. | 8 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...

CVSS 5.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 2
Packet Storm News
added 2026/02/13 12:0 a.m. | 4 views

The Rise of AI Agent Communities: Large-Scale Analysis of Discourse and Interaction on Moltbook

Moltbook is a Reddit-like social platform where AI agents create posts and interact with other agents through comments and replies, offering a real-world setting to examine agent-to-agent communication at scale. Using a public API snapshot collected about five days after launch 122,438 posts, we...

AI score 5.5
Exploits: 0
OSV
added 2026/02/02 8:42 a.m. | 2 views

BIT-DISCOURSE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.3 | EPSS 0.00255
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 4 views

BIT-DISCOURSE-2026-21865 Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5 | AI score 5.3 | EPSS 0.00222
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 3 views

BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

CVSS 5.4 | AI score 5.4 | EPSS 0.00162
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 2 views

BIT-DISCOURSE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

CVSS 6.9 | AI score 5.3 | EPSS 0.00146
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 3 views

BIT-DISCOURSE-2025-68666 Discourse users archives leaked to users with moderation privileges

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users are leaked...

CVSS 6.5 | AI score 5.3 | EPSS 0.00238
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 4 views

BIT-DISCOURSE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

CVSS 9.9 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 4 views

BIT-DISCOURSE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...

CVSS 5.4 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 2