139 matches found

Cvelist
added 2026/06/12 8:25 p.m., 28 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin (one also involving discourse-calendar): read-only category users...

CVSS 5.3, EPSS 0.00204
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:26 p.m., 7 views

CVE-2026-40929

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/commentDelete.json.php is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call forbidIfIsUntrustedRequest, does not verify a CSRF/global token, and does not check...

CVSS 5.4, AI score 5.3, EPSS 0.00113
Exploits: 1, References: 1
NVD
added 2026/05/16 4:16 p.m., 11 views

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

CVSS 6.4, EPSS 0.00235
Exploits: 0, References: 3
CVE
added 2026/04/21 10:16 p.m., 13 views

CVE-2026-40929

WWBN AVideo 29.0 and earlier: the endpoint objects/commentDelete.json.php mutates state to delete comments without CSRF validation, lacking forbidIfIsUntrustedRequest(), CSRF/global token, or Origin/Referer checks. Because session.cookie_samesite=None, cross-site requests from attacker pages carr...

CVSS 5.4, AI score 5.6, EPSS 0.00113
Exploits: 1, References: 2, Affected software: 1
OSV
added 2026/04/07 8:44 a.m., 3 views

BIT-DISCOURSE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authorization bypass in the Category Chatables Controller show action allowed moderators to obtain hidden group names and user counts. This issue has been...

CVSS 6.5, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 3
OSV
added 2026/04/07 8:43 a.m., 3 views

BIT-DISCOURSE-2026-32615 Discourse: Category group moderators can perform actions on topics in restricted categories without read access

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, category group moderators could perform privileged actions on topics inside private categories they did not have read access to. This issue has been patched in versions...

CVSS 5.4, AI score 5.7, EPSS 0.00153
Exploits: 0, References: 3
OSV
added 2026/04/07 8:43 a.m., 5 views

BIT-DISCOURSE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for...

CVSS 6.5, AI score 5.7, EPSS 0.00234
Exploits: 0, References: 3
RedhatCVE
added 2026/04/01 11:00 p.m., 3 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

CVSS 5.4, AI score 5.8, EPSS 0.00153
Exploits: 0, References: 1
NVD
added 2026/03/31 6:16 p.m., 5 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

CVSS 5.4, EPSS 0.00153
Exploits: 0, References: 2
Cvelist
added 2026/03/31 5:42 p.m., 26 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

CVSS 5.1, EPSS 0.00188
Exploits: 0, References: 2
CVE
added 2026/03/31 5:40 p.m., 9 views

CVE-2026-32615

Discourse vulnerability CVE-2026-32615 affects the open-source platform from versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0. The issue allowed category group moderators to perform privileged actions on topics in...

CVSS 5.4, AI score 5.8, EPSS 0.00153
Exploits: 0, References: 2, Affected software: 1
Cvelist
added 2026/03/31 5:40 p.m., 28 views

CVE-2026-32615 Discourse: Category group moderators can perform actions on topics in restricted categories without read access

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

CVSS 5.3, EPSS 0.00153
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/31 5:40 p.m., 3 views

CVE-2026-32615

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

CVSS 5.3, AI score 5.8, EPSS 0.00153
Exploits: 0, References: 3, Affected software: 1
OSV
added 2026/03/31 5:40 p.m., 5 views

CVE-2026-32615 Discourse: Category group moderators can perform actions on topics in restricted categories without read access

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read acce...

CVSS 5.3, AI score 5.8, EPSS 0.00153
Exploits: 0, References: 4
Cvelist
added 2026/03/31 5:39 p.m., 22 views

CVE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 5.3, EPSS 0.00234
Exploits: 0, References: 2
EUVD
added 2026/03/31 5:39 p.m., 3 views

EUVD-2026-17548

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 5.3, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 2
OSV
added 2026/03/31 5:39 p.m., 2 views

CVE-2026-32143 Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 5.3, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 4
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29304

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 5.3, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 6
OSV
added 2026/03/27 7:10 a.m., 4 views

BIT-DISCOURSE-2026-33408 Discourse has Improper Authorization in "Post Edits" Report For Moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

CVSS 2.7, AI score 5.9, EPSS 0.00277
Exploits: 0, References: 5
OSV
added 2026/03/27 7:10 a.m., 2 views

BIT-DISCOURSE-2026-33394 Discourse leaks PM post edits to moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access. Version...

CVSS 2.7, AI score 5.9, EPSS 0.00293
Exploits: 0, References: 5