Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 10:4 p.m.2 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:4 p.m.3 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/19 10:4 p.m.6 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.15 views

PT-2026-26425

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The allowed spam host domains check utilized Stringend with?...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References7
Rows per page
Query Builder