Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 5:42 p.m.3 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.8AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 5:42 p.m.26 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:42 p.m.2 views

CVE-2026-33415

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 5:42 p.m.3 views

EUVD-2026-17574

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 5:42 p.m.3 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.8AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 7:57 p.m.7 views

CVE-2026-27151 Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.9AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.10 views

CVE-2023-31142

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...

5.3CVSS6.5AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-35461

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:57 a.m.13 views

BIT-DISCOURSE-2023-31142 Discourse's general category permissions could be set back to default

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...

5.3CVSS4.3AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2023/11/09 8:15 p.m.18 views

CVE-2023-5549

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage...

5.3CVSS5.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.6 views

PT-2023-32170 · Moodle +7 · Moodle +3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient web service capability checks. This allowed users to move categories they had permission to manage to a parent...

5.3CVSS4.8AI score0.0056EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2023/06/13 9:12 p.m.11 views

CVE-2023-31142 Discourse's general category permissions could be set back to default

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...

2CVSS5.1AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.3 views

PT-2023-23175 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 of the stable branch Discourse versions prior to 3.1.0.beta5 of the beta and tests-passed branches Description: Discourse is an open source discussion platform. If a site has modified their general category...

5.3CVSS5AI score0.00319EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.3 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.4 stable, and prior to 3.1.0.beta5, which stems from the possibility that if a site modifies the regular...

5.3CVSS5.6AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2022/04/11 8:15 p.m.37 views

CVE-2022-24804

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...

5.3CVSS0.00831EPSS
Exploits0References2
Prion
Prion
added 2022/04/11 8:15 p.m.19 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...

5CVSS5.2AI score0.00831EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/11 7:16 p.m.42 views

CVE-2022-24804 Private group name exposure in discourse

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...

5.3CVSS6.2AI score0.00831EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.3 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that when a group with restricted visibility is used to set permissions for...

5.3CVSS5.7AI score0.00831EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/11 12:0 a.m.4 views

PT-2022-16890 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.3 Discourse beta versions prior to 2.9.0.beta4 Description: The issue concerns the erroneous exposure of groups in Discourse, an open source platform for community discussion. When a group with restricted...

5.3CVSS5.1AI score0.00831EPSS
Exploits0References7
Rows per page
Query Builder