147 matches found
CVE-2025-24808
Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from the...
CVE-2024-20301
creationtimestamp| type| source ---|---|--- 2024-03-08 01:16:21+00:00| seen| https://t.me/arpsyndicate/4134...
CVE-2023-36123
creationtimestamp| type| source ---|---|--- 2023-09-07 12:29:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5095 2023-10-07 07:13:59+00:00| seen| https://t.me/cibsecurity/71771...
CVE-2022-39840
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...
Cross site scripting
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...
CVE-2022-39840
CVE-2022-39840 affects Cotonti Siena 0.9.20, enabling stored XSS via direct messages (DM). Impact: admin-level content processing could be manipulated to execute scripts; CVSS 3.1 base score 4.8 (MEDIUM) with network vector, low attack complexity, user interaction required. Root cause details are...
CVE-2022-39840
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...
Send message to blocked user
Description In this case if a userA block userB. UserB is still able to send private message to user A Proof of Concept 1.USerA block userB 2.UserB send direct request to message endpoint with userA''s userID Poc POST https://bookwyrm.social/post/direct Host: bookwyrm.social User-Agent: Mozilla/5...
Design/Logic Flaw
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...
CVE-2022-31300
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2022-31300
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2021-4000
creationtimestamp| type| source ---|---|--- 2021-12-03 14:37:39+00:00| seen| https://t.me/cibsecurity/33299...
PSA: Widespread Remote Working Scam Underway
Ive just gotten off the phone with a victim of the scam that Im about to describe. This is impacting a lot of folks, so please do spread the word. Its infuriating. Ill be around to reply to your comments below, but please do not engage in victim-blaming, because until youve actually been hit by o...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...
CVE-2020-14459
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...
CVE-2020-14459
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...
Code injection
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service infinite loop, aka MMSA-2020-0020...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...