Discourse Information Disclosure Vulnerability (CNVD-2026-17256)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...

BIT-DISCOURSE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden groups names and user count. This issue has been...

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...

PT-2026-29318

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

CVE-2026-31869 Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

EUVD-2026-13496

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControllermentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowednames referencing a hidden-membership grou...

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These vulnerabilities stem from...

CVE-2026-33410

Summary: CVE-2026-33410 affects Discourse before patches 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. There are two authorization issues in the chat direct message API. First, during direct message channel creation or when adding users, the target_groups parameter is passed directly to the user res...

ROS-20251125-06

A vulnerability in the Moodle virtual learning environment is related to the disclosure of hidden group names to users, who have permission to create events in the calendar. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected...

GHSA-422V-W6C5-VQ42 Moodle exposed the names of hidden groups to users

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

EUVD-2025-35667

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...