Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 10:56 p.m.2 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 9:45 p.m.15 views

CVE-2026-28282

Discourse security advisory: A vulnerability in the discourse-policy plugin allows a user with policy creation permission to gain membership in private/restricted groups. Affected versions are prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Exploitation would let the user read private topics ...

6.5CVSS5.6AI score0.00332EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 1:29 p.m.4 views

BIT-DISCOURSE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

2.7CVSS6AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 7:57 p.m.7 views

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 7:25 p.m.23 views

CVE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 7:25 p.m.16 views

CVE-2026-26979

CVE-2026-26979 affects Discourse: TL4 users can close, archive, or pin topics in private categories they lack access to. Fixed in versions 2025.12.2, 2026.1.1, and 2026.2.0. Impact is unauthorized topic status changes with LOW severity (CVSS 3.1: none certain, I=LOW). No workarounds are reported....

2.7CVSS5.4AI score0.00168EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/26 7:25 p.m.6 views

CVE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

6AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.15 views

CVE-2025-58055

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS6.2AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2025/10/01 7:15 p.m.9 views

CVE-2025-58055

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS0.00237EPSS
Exploits0References4
CVE
CVE
added 2025/10/01 6:48 p.m.25 views

CVE-2025-58055

Discourse vulnerability CVE-2025-58055 affects version 3.5.0 and earlier, where AI suggestion endpoints for Title, Category, and Tags can disclose information from restricted topics by altering topic_id in API requests. The root cause is improper access control at the AI helper endpoints, enablin...

4.3CVSS5.8AI score0.00237EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/01 6:48 p.m.8 views

CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.7 views

PT-2025-40289

Name of the Vulnerable Software and Affected Versions Discourse versions 3.5.0 and below Description Discourse, an open-source community discussion platform, had an issue where authenticated users could access information about topics they were not authorized to view. This occurred through the AI...

4.3CVSS6.3AI score0.00237EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2023/04/21 12:0 a.m.20 views

Discourse 3.1.x < 3.1.0.beta2 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...

5.4CVSS5.4AI score0.00534EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.4 views

PT-2022-26174 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.12 Discourse versions prior to 2.9.0.beta13 Description: Discourse is an open-source discussion platform. Under certain conditions, a user can see notifications for topics they no longer have access to,...

4.3CVSS4.3AI score0.00448EPSS
Exploits0References8
Rows per page
Query Builder