Lucene search
K

4 matches found

OSV
OSV
added 2026/03/31 5:41 p.m.8 views

CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:39 p.m.1 views

CVE-2026-32273

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 7:11 a.m.9 views

BIT-DISCOURSE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions 2026.3.0,...

6.9CVSS5.9AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-DISCOURSE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...

5.4CVSS5.9AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder