20 matches found

Cvelist
added yesterday, 13 views

CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

7.5 CVSS, 0.00041 EPSS
Exploits 0, References 1
Positive Technologies
added yesterday, 5 views

PT-2026-48983

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

7.5 CVSS, 5.2 AI score, 0.00041 EPSS
Exploits 0, References 2
OSV
added 2023/11/30 10:15 p.m., 4 views

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...

5.3 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits 1, References 1
Prion
added 2023/11/30 10:15 p.m., 13 views

Path traversal

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...

5 CVSS, 7.2 AI score, 0.0024 EPSS
Exploits 1, References 1, Affected Software 6
ATTACKERKB
added 2023/11/30 12:0 a.m., 54 views

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter “file” in URL. Also: affected components in same product – HTTP Adapter u...

5.3 CVSS, 5.3 AI score, 0.0024 EPSS
In wild, Exploits 1, References 2
CVE
added 2023/11/30 12:0 a.m., 194 views

CVE-2021-35975

CVE-2021-35975 affects Systematica Radius and multiple components (SMTP Adapter up to v2.0.1.101; HTTP Adapter up to v1.8.0.15; MSSQL MessageBus Proxy up to v1.1.06; Financial Calculator up to v1.3.05; FIX Adapter up to v2.4.0.25). The vulnerability is an absolute path traversal in the GET parame...

5.3 CVSS, 5.2 AI score, 0.0024 EPSS
In wild, Exploits 1, References 1, Affected Software 6
Cvelist
added 2023/11/30 12:0 a.m., 16 views

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component up to v2.0.1.101 in Systematica Radius up to v.3.9.256.777 allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter u...

5.5 AI score, 0.0024 EPSS
Exploits 1, References 1
OSV
added 2023/10/20 6:16 a.m., 30 views

BIT-2023-45131

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for...

7.5 CVSS, 6.9 AI score, 0.07392 EPSS
Exploits 2, References 1, Affected Software 1
Prion
added 2023/10/16 10:15 p.m., 18 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for...

5 CVSS, 7.4 AI score, 0.07392 EPSS
Exploits 2, References 1, Affected Software 1
Cvelist
added 2023/10/16 9:24 p.m., 14 views

CVE-2023-45131 Unauthenticated access to new private chat messages in Discourse

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for...

7.5 CVSS, 7.6 AI score, 0.07392 EPSS
Exploits 2, References 1
CNNVD
added 2023/10/16 12:0 a.m., 1 view

Discourse Information Disclosure Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that originates from allowing an attacker to read new chat messages by sending a POST request to MessageBus...

7.5 CVSS, 6.2 AI score, 0.07392 EPSS
Exploits 2, References 3
CNVD
added 2021/12/21 12:0 a.m., 15 views

MessageBus path traversal vulnerability

MessageBus is a reliable and robust messaging bus for Ruby processes and Web clients. messageBus suffers from a path traversal vulnerability, which stems from the lack of data restriction and filtering of the paths in messagebus. errors, which could lead to the disclosure of secret information on...

6.5 CVSS, 2.8 AI score, 0.00232 EPSS
Exploits 0, References 1
Github Security Blog
added 2021/12/17 7:59 p.m., 23 views

Path traversal when MessageBus::Diagnostics is enabled

Impact: Users who deployed message bus with diagnostics features enabled (default off) were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...

6.5 CVSS, 1.6 AI score, 0.00232 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2021/12/17 7:59 p.m., 17 views

GHSA-XMGJ-5FH3-XJMM Path traversal when MessageBus::Diagnostics is enabled

Impact: Users who deployed message bus with diagnostics features enabled (default off) were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...

4.2 CVSS, 6.4 AI score, 0.00232 EPSS
Exploits 0, References 5
OSV
added 2021/12/17 7:15 p.m., 18 views

CVE-2021-43840

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

6.5 CVSS, 6.5 AI score
Exploits 0, References 2
Prion
added 2021/12/17 7:15 p.m., 19 views

Path traversal

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

3.5 CVSS, 6.5 AI score, 0.00232 EPSS
Exploits 0, References 2, Affected Software 1
RubySec
added 2021/12/17 12:0 a.m., 17 views

Path traversal when MessageBus::Diagnostics is enabled

Impact: Users who deployed message bus with diagnostics features enabled (default off) were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...

6.5 CVSS, 7 AI score, 0.00232 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2021/12/17 12:0 a.m., 3 views

MessageBus Path Traversal Vulnerability

MessageBus is a reliable and robust messaging bus for Ruby processes and Web clients. messageBus suffers from a path traversal vulnerability, which stems from the lack of data restriction and filtering of the paths in messagebus. errors, which could lead to the disclosure of secret information on...

6.5 CVSS, 5.6 AI score, 0.00232 EPSS
Exploits 0, References 3
UbuntuCve
added 2021/12/17 12:0 a.m., 25 views

CVE-2021-43840

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

6.5 CVSS, 1.8 AI score, 0.00232 EPSS
Exploits 0, References 6
OpenVAS
added 2009/04/09 12:0 a.m., 33 views

Mandriva Update for dbus MDVSA-2008:054 (dbus)

Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVSA-2008:054 dbus Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

4.6 CVSS, 5.5 AI score, 0.00067 EPSS
Exploits 2, References 2