
35 matches found

Cvelist
added 2026/03/31 5:38 p.m., 24 views

CVE-2026-33073 discourse-subscriptions plugin leaking stripe API key in multisite environment

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks Stripe API keys across sites in a multisite cluster resulting in the potential fo...

CVSS: 2, EPSS: 0.00048
Exploits: 0, References: 2

RedhatCVE
added 2026/03/26 3:16 p.m., 0 views

CVE-2026-28282

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00019
Exploits: 0, References: 1

Cvelist
added 2026/01/28 6:21 p.m., 33 views

CVE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVSS: 4.6, EPSS: 0.00021
Exploits: 0, References: 1

Vulnrichment
added 2026/01/28 6:21 p.m., 3 views

CVE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVSS: 4.6, AI score: 5.8, EPSS: 0.00021
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:41 p.m., 2 views

CVE-2023-25169

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is...

CVSS: 5.3, AI score: 6.7, EPSS: 0.0025
Exploits: 0, References: 1

CNVD
added 2025/11/05 12:0 a.m., 1 views

WordPress Plugin WP Discourse Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00055
Exploits: 0, References: 1

Patchstack
added 2025/11/03 10:29 p.m., 2 views

WordPress WP Discourse plugin <= 2.5.9 - Authenticated (Author+) Information Exposure vulnerability

Authenticated Author+ Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Discourse versions <= 2.5.9...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00055
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2025/11/01 5:40 a.m., 2 views

CVE-2025-11983

The WP Discourse WordPress plugin (versions up to and including 2.5.9) exposes Discourse API credentials (Api-Key and Api-Username) by unconditionally sending them to any host specified in a post’s discourse_permalink field during comment synchronization. This information exposure can be exploite...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00055
Exploits: 0, References: 5

CNNVD
added 2025/11/01 12:0 a.m., 1 views

WordPress plugin WP Discourse Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00055
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2024-29116

Malicious code in bioql PyPI...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00194
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-41783

Malicious code in bioql PyPI...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00219
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-48047

Malicious code in bioql PyPI...

CVSS: 8, AI score: 6.4, EPSS: 0.00566
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-22147

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00194
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-34987

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00237
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-29136

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.7, EPSS: 0.0025
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-48733

Malicious code in bioql PyPI...

CVSS: 4.1, AI score: 5, EPSS: 0.00096
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-48046

Malicious code in bioql PyPI...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00412
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-19284

Malicious code in bioql PyPI...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00212
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-52311

Malicious code in bioql PyPI...

CVSS: 9, AI score: 6.5, EPSS: 0.00261
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 10:31 a.m., 4 views

CVE-2024-21658

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00212
Exploits: 0, References: 1