Lucene search
+L

147 matches found

CVE
CVE
added 2025/03/26 2:8 p.m.80 views

CVE-2025-24808

Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...

4.3CVSS7AI score0.00196EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/26 2:8 p.m.19 views

CVE-2025-24808 Discourse has race condition when adding users to a group DM

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...

4.3CVSS7AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.5 views

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from the...

4.3CVSS6.4AI score0.00351EPSS
Exploits0References1
Circl
Circl
added 2024/03/08 1:16 a.m.5 views

CVE-2024-20301

creationtimestamp| type| source ---|---|--- 2024-03-08 01:16:21+00:00| seen| https://t.me/arpsyndicate/4134...

6.2CVSS6.2AI score0.00266EPSS
Exploits0References1
Circl
Circl
added 2023/09/07 12:29 p.m.8 views

CVE-2023-36123

creationtimestamp| type| source ---|---|--- 2023-09-07 12:29:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5095 2023-10-07 07:13:59+00:00| seen| https://t.me/cibsecurity/71771...

7.8CVSS7.5AI score0.00711EPSS
Exploits1References2
NVD
NVD
added 2022/09/05 6:15 a.m.13 views

CVE-2022-39840

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...

4.8CVSS0.00411EPSS
Exploits1References1
Prion
Prion
added 2022/09/05 6:15 a.m.17 views

Cross site scripting

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...

4.3CVSS4.7AI score0.00411EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/09/05 5:6 a.m.47 views

CVE-2022-39840

CVE-2022-39840 affects Cotonti Siena 0.9.20, enabling stored XSS via direct messages (DM). Impact: admin-level content processing could be manipulated to execute scripts; CVSS 3.1 base score 4.8 (MEDIUM) with network vector, low attack complexity, user interaction required. Root cause details are...

4.8CVSS4.7AI score0.00411EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/09/05 5:6 a.m.17 views

CVE-2022-39840

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...

4.8CVSS5.7AI score0.00411EPSS
Exploits1References3
Huntr
Huntr
added 2022/08/05 6:36 p.m.11 views

Send message to blocked user

Description In this case if a userA block userB. UserB is still able to send private message to user A Proof of Concept 1.USerA block userB 2.UserB send direct request to message endpoint with userA''s userID Poc POST https://bookwyrm.social/post/direct Host: bookwyrm.social User-Agent: Mozilla/5...

7AI score
Exploits0
Prion
Prion
added 2022/06/21 7:15 p.m.19 views

Design/Logic Flaw

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

4CVSS6.4AI score0.00542EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/16 3:15 p.m.4 views

CVE-2022-31300

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS6.2AI score0.01149EPSS
Exploits1References4
OSV
OSV
added 2022/06/16 3:15 p.m.5 views

CVE-2022-31300

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS5.9AI score0.01149EPSS
Exploits1References3
Circl
Circl
added 2021/12/03 2:37 p.m.6 views

CVE-2021-4000

creationtimestamp| type| source ---|---|--- 2021-12-03 14:37:39+00:00| seen| https://t.me/cibsecurity/33299...

6.5CVSS6.1AI score0.00822EPSS
Exploits1References1
Wordfence Blog
Wordfence Blog
added 2021/10/28 2:3 p.m.13 views

PSA: Widespread Remote Working Scam Underway

Ive just gotten off the phone with a victim of the scam that Im about to describe. This is impacting a lot of folks, so please do spread the word. Its infuriating. Ill be around to reply to your comments below, but please do not engage in victim-blaming, because until youve actually been hit by o...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/25 6:37 p.m.50 views

Slack hurries to fix direct message flaw that allowed harassment

The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...

6.9AI score
Exploits0
NVD
NVD
added 2020/06/19 2:15 p.m.14 views

CVE-2020-14459

An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...

7.5CVSS0.0094EPSS
Exploits0References1
OSV
OSV
added 2020/06/19 2:15 p.m.13 views

CVE-2020-14459

An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...

7.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2020/06/19 2:15 p.m.10 views

Code injection

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service infinite loop, aka MMSA-2020-0020...

5CVSS7.3AI score0.01114EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/06/19 2:15 p.m.19 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...

5CVSS7.5AI score0.0094EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder