Lucene search
K

5 matches found

OSV
OSV
added 2026/04/07 8:43 a.m.5 views

BIT-DISCOURSE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content was exposed, only metadata about who read the post...

5.3CVSS5.7AI score0.00201EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.6 views

CVE-2026-32620

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 5:41 p.m.27 views

CVE-2026-33185 Discourse: Group SMTP test endpoint susceptible to SSRF

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...

5.3CVSS0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:41 p.m.2 views

CVE-2026-32620

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/31 5:41 p.m.19 views

CVE-2026-32620

Summary: CVE-2026-32620 affects Discourse. From 2026.1.0-latest up to before 2026.1.3, 2026.2.0-latest up to before 2026.2.2, and 2026.3.0-latest up to before 2026.3.0, non-staff users could access read receipt metadata for staff-only posts they were not supposed to see. No post content was expos...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder