Lucene search
K

2907 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48987

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description An issue exists in the Jobs::RedeliverWebHookEvents function where the MessageBus.publish call f...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48982

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48977

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Bot debug endpoints disclose whisper translation audit logs. Recommendation...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48978

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-33514

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS5.3AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 2:46 p.m.8 views

BIT-DISCOURSE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1....

5.3CVSS5.7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 7:16 p.m.18 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

5.3CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 6:41 p.m.43 views

CVE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 6:41 p.m.10 views

EUVD-2026-30969

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:41 p.m.7 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 6:41 p.m.8 views

CVE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

2.1CVSS5.7AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 6:41 p.m.16 views

CVE-2026-34154

CVE-2026-34154 affects Discourse where the vulnerability resides in the discourse-subscriptions plugin. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, users could access subscription-gated groups without completing payment. The issue has been fixed in versions 2026.1.4, ...

5.3CVSS5.7AI score0.00214EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/19 2:16 a.m.20 views

CVE-2026-33514

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:59 a.m.9 views

CVE-2026-33514 Discourse: Information Disclosure in Form Template API Due to Missing Authorization

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS5.7AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 12:59 a.m.8 views

EUVD-2026-30821

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS5.7AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:59 a.m.24 views

CVE-2026-33514

Summary: CVE-2026-33514 affects Discourse. In affected releases prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1, an authenticated user with the form templates feature enabled could read the name and structured content of form templates that are intended only for categories the user i...

6CVSS5.7AI score0.0025EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 12:59 a.m.45 views

CVE-2026-33514 Discourse: Information Disclosure in Form Template API Due to Missing Authorization

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively...

6CVSS0.0025EPSS
Exploits0References2
Rows per page
Query Builder