Lucene search
K

5 matches found

OSV
OSV
added 2026/03/03 1:29 p.m.2 views

BIT-DISCOURSE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 7:19 p.m.23 views

CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 7:19 p.m.6 views

EUVD-2026-8878

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.3AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:19 p.m.2 views

CVE-2026-26973

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/26 7:19 p.m.3 views

CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder