4 matches found
EUVD-2021-26485
Malware in sbrugna...
CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
CVE-2024-49765
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...
CVE-2024-53266
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to...