Lucene search
K

354 matches found

osv
osv
added 2026/03/31 5:42 p.m.6 views

CVE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/31 5:42 p.m.25 views

CVE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS0.00234EPSS
Exploits0References2
euvd
euvd
added 2026/03/31 5:40 p.m.6 views

EUVD-2026-17553

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.3CVSS5.8AI score0.00153EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/31 5:39 p.m.2 views

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/31 5:39 p.m.2 views

CVE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/31 12:0 a.m.7 views

Discourse 授权问题漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...

5.4CVSS5.8AI score0.00153EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/31 12:0 a.m.9 views

PT-2026-29308

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

5.3CVSS5.8AI score0.00153EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/31 12:0 a.m.6 views

PT-2026-29319

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS
Exploits0References6
osv
osv
added 2026/03/27 7:10 a.m.3 views

BIT-DISCOURSE-2026-30889 Discourse has Unauthorized Post Data Exposure in discourse-user-notes

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References2
osv
osv
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No kno...

5.5CVSS5.8AI score0.00213EPSS
Exploits0References2
osv
osv
added 2026/03/27 7:10 a.m.2 views

BIT-DISCOURSE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026.3.0,...

6.9CVSS5.9AI score0.0027EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/03/26 3:18 p.m.16 views

CVE-2026-30888

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.5CVSS5.7AI score0.00213EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33394

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...

2.7CVSS5.8AI score0.00293EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:11 p.m.4 views

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:9 p.m.7 views

CVE-2026-27935

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33291

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.4CVSS5.8AI score0.00196EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:1 p.m.4 views

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

7.6CVSS5.8AI score0.0024EPSS
Exploits1References1
osv
osv
added 2026/03/25 5:49 p.m.3 views

GHSA-8X77-F38V-4M5J AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...

7.6CVSS6AI score0.0024EPSS
Exploits1References4
github
github
added 2026/03/25 5:49 p.m.11 views

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...

7.6CVSS6AI score0.0024EPSS
Exploits1References4Affected Software1
cnvd
cnvd
added 2026/03/24 12:0 a.m.5 views

Unspecified vulnerability in Discourse (CNVD-2026-17480)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from improper privilege authentication, which can be exploited by an attacker ...

6.9CVSS5.7AI score0.0027EPSS
Exploits0
Rows per page
Query Builder