CVE-2026-27481

Discourse (open-source platform) is affected by an authorization bypass affecting hidden staff-only tags. Affects versions 2026.1.0-latest–2026.1.3, 2026.2.0-latest–2026.2.2, and 2026.3.0-latest–2026.3.0. Unauthenticated/unauthorized users could view hidden tags and related data when tagging is e...

CVE-2026-27481

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

CVE-2026-27481 Discourse: Hidden tag visibility bypass on tag routes

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse from 2026.1.0-latest to 2026.1.3, from 2026.2.0-latest to 2026.2.2, and from 2026.3.0-latest to 2026.3....

BIT-DISCOURSE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0, 2026.2.1, and 2026.1....

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

Discourse 安全漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...

CVE-2026-33426

CVE-2026-33426 affects Discourse. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 , users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they could not see those tags. A patch is included in versions 2026.3.0-latest.1, 2026....

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...

PT-2026-26710

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Users with tag-editing permissions could modify and create...

EUVD-2022-48985

Malicious code in bioql PyPI...

EUVD-2023-27717

Malicious code in bioql PyPI...

BIT-MOODLE-2025-26527 Non-searchable tags can still be discovered on the tag search page and in the tags block

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block...

CVE-2023-23624

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

Information Disclosure

moodle/moodle is vulnerable to Information Disclosure. The vulnerability is due to inadequate restrictions on tag visibility, which allows users to access and discover hidden tags through the tag search page or tags block...