Lucene search
K

4 matches found

OSV
OSV
added 2026/04/07 8:44 a.m.6 views

BIT-DISCOURSE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter matching the shared drafts category. This issue h...

4.3CVSS5.7AI score0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:41 p.m.1 views

CVE-2026-32951

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 5:41 p.m.2 views

CVE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:41 p.m.19 views

CVE-2026-32951

Discourse suffers an authorization bypass affecting access to shared draft topic titles via an inline onebox request. Affected versions: 2026.1.0-latest to before 2026.1.3; 2026.2.0-latest to before 2026.2.2; and 2026.3.0-latest to before 2026.3.0. An authenticated user can obtain shared draft ti...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder