Lucene search
K

252 matches found

Nuclei
Nuclei
added yesterday82 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7AI score0.25431EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

9CVSS0.00392EPSS
Exploits0References9
NVD
NVD
added 5 days ago10 views

CVE-2026-45788

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS0.00466EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00309EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago7 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57000

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description A stored cross-site scripting issue exists where a malicious second factor name on ...

7.3CVSS6.2AI score0.00392EPSS
Exploits0References12
OSV
OSV
added 2026/06/16 12:37 p.m.4 views

BIT-DISCOURSE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user with access to the AI...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:24 p.m.9 views

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 12:4 a.m.50 views

CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS0.00233EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/10 12:0 a.m.5 views

Discourse code issue vulnerability (CNVD-2026-17261)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a code issue vulnerability that can be exploited by an attacker to cause the server to initiate outbound connectio...

5.3CVSS5.9AI score0.0019EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.8 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17256)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...

6.5CVSS5.8AI score0.00234EPSS
Exploits0
OSV
OSV
added 2026/04/07 8:44 a.m.6 views

BIT-DISCOURSE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter matching the shared drafts category. This issue h...

4.3CVSS5.7AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.9 views

PT-2026-30241

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.3, 2026.2.2, and 2026.3.0 contained a vulnerability related to information leakage. Thi...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.17 views

PT-2026-30244

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-32113

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 6:16 p.m.5 views

CVE-2026-32113

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the ssodestinationurl cookie and redirects to it with allowotherhost: true...

6.1CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 6:16 p.m.5 views

CVE-2026-32243

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

6.1CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:41 p.m.19 views

CVE-2026-32620

Summary: CVE-2026-32620 affects Discourse. From 2026.1.0-latest up to before 2026.1.3, 2026.2.0-latest up to before 2026.2.2, and 2026.3.0-latest up to before 2026.3.0, non-staff users could access read receipt metadata for staff-only posts they were not supposed to see. No post content was expos...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/31 5:41 p.m.4 views

EUVD-2026-17559

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder