Lucene search
K

5 matches found

OpenVAS
OpenVAS
added 2025/06/26 12:0 a.m.5 views

Discourse 3.5.x < 3.5.0.beta8 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

9.8CVSS5.8AI score0.00451EPSS
Exploits0References3
Circl
Circl
added 2025/06/25 3:52 p.m.9 views

CVE-2025-49845

creationtimestamp| type| source ---|---|--- 2025-06-25 15:52:10+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19464...

7.5CVSS4.8AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/25 3:39 p.m.11 views

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

6.3CVSS0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/25 3:39 p.m.6 views

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

6.3CVSS6.8AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2025/06/25 3:39 p.m.35 views

CVE-2025-49845

Discourse has a vulnerability (CVE-2025-49845) where users on versions prior to 3.4.6 (stable) or 3.5.0.beta8-dev (tests-passed) can still view their own whispers after losing visibility to posts typed whisper. The issue is fixed in 3.4.6 and 3.5.0.beta8-dev. No publicly provided workarounds are ...

7.5CVSS6.8AI score0.00337EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder