Lucene search
K

2933 matches found

EUVD
EUVD
added 2026/06/12 8:22 p.m.10 views

EUVD-2026-36582

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 6:24 p.m.4 views

OPENSUSE-SU-2026:20963-1 Security update for neonmodem

This update for neonmodem fixes the following issues: Changes in neonmodem: - Update golang.org/x/net dependency to v0.55.0 due to bsc1267193 - Update golang.org/x/image dependency to v0.38.0 due to bsc1260727 - Update golang.org/x/term dependency to v0.42.0 due to bsc1260727 - Update to version...

6.5CVSS6.2AI score0.00328EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-48979

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description An issue exists in the GroupPostSerializer where the predicate for the :name attribute was incorrectly declared as include user lo...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48987

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description An issue exists in the Jobs::RedeliverWebHookEvents function where the MessageBus.publish call f...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48980

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A flaw in the handling of replies to whisper posts allows authenticated use...

5.4CVSS5.2AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48977

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Bot debug endpoints disclose whisper translation audit logs. Recommendation...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48986

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A path traversal issue exists in the backup handling of this open-source...

6.8CVSS5.1AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48982

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48978

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-33514

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS5.3AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 2:46 p.m.8 views

BIT-DISCOURSE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1....

5.3CVSS5.7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 7:16 p.m.18 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

5.3CVSS0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:41 p.m.8 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 6:41 p.m.43 views

CVE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 6:41 p.m.10 views

EUVD-2026-30969

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 6:41 p.m.8 views

CVE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 6:41 p.m.16 views

CVE-2026-34154

CVE-2026-34154 affects Discourse where the vulnerability resides in the discourse-subscriptions plugin. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, users could access subscription-gated groups without completing payment. The issue has been fixed in versions 2026.1.4, ...

5.3CVSS5.7AI score0.00214EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder