2870 matches found
CVE-2025-64528 Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
CVE-2025-64528 Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
PT-2025-54189
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enable names is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.5.3, prior to 2025.11.1, and prior to 2025.12.0, which stems from an...
aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)
django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:PYSEC-2025-111...
Framing the Hacker: Media Representations and Public Discourse in Germany
This paper examines how the figure of the hacker is portrayed in German mainstream media and explores the impact of media framing on public discourse. Through a longitudinal content analysis of 301 articles from four of the most widely circulated German newspapers Die Zeit, S�ddeutsche Zeitung,...
BIT-DISCOURSE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
WordPress Plugin WP Discourse Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...
WordPress WP Discourse plugin <= 2.5.9 - Authenticated (Author+) Information Exposure vulnerability
Authenticated Author+ Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Discourse versions = 2.5.9...
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
EUVD-2025-37422
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discoursepermalink custom field...
CVE-2025-11983
The WP Discourse WordPress plugin (versions up to and including 2.5.9) exposes Discourse API credentials (Api-Key and Api-Username) by unconditionally sending them to any host specified in a post’s discourse_permalink field during comment synchronization. This information exposure can be exploite...
WordPress plugin WP Discourse 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...
PT-2025-44710
Name of the Vulnerable Software and Affected Versions WP Discourse plugin for WordPress versions through 2.5.9 Description The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...
CVE-2025-61598
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
Discourse Cache Poisoning Vulnerability (GHSA-jp9x-wwv6-cv3j)
Discourse is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
CVE-2025-61598
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...