27 matches found

OSV
added 2026/02/02 8:42 a.m., 2 views

BIT-DISCOURSE-2026-21865 Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, AI score 5.3, EPSS 0.00061
Exploits: 0, References: 2
RedhatCVE
added 2026/01/29 9:21 p.m., 2 views

CVE-2026-21865

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, AI score 5.7, EPSS 0.00061
Exploits: 0, References: 1
NVD
added 2026/01/28 8:16 p.m., 3 views

CVE-2026-21865

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, EPSS 0.00061
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/28 7:51 p.m., 3 views

CVE-2026-21865

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, AI score 5.7, EPSS 0.00061
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/01/28 7:51 p.m., 16 views

CVE-2026-21865 Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, EPSS 0.00061
Exploits: 0, References: 1
OSV
added 2026/01/28 7:51 p.m., 3 views

CVE-2026-21865 Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5, AI score 5.7, EPSS 0.00061
Exploits: 0, References: 3
CVE
added 2026/01/28 7:51 p.m., 6 views

CVE-2026-21865

Discourse advisory CVE-2026-21865 affects Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, where moderators could convert some personal messages to public topics despite lacking access. The issue is patched in 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Remediation options in...

CVSS 6.5, AI score 5.7, EPSS 0.00061
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/01/28 12:0 a.m., 2 views

PT-2026-5210

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.4; Discourse versions prior to 2025.11.2; Discourse versions prior to 2025.12.1; Discourse versions prior to 2026.1.0. Description: Discourse is an open source discussion platform. Moderators may be able to convert...

CVSS 6.5, AI score 5.7, EPSS 0.00061
Exploits: 0, References: 8
Hacker One
added 2025/10/13 6:50 p.m., 3 views

Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data

Summary: The Out-of-Office (OOO) API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization (BOLA) vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...

AI score 5.9
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0272

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0069
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-28006

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.9, EPSS 0.00298
Exploits: 0, References: 2
OSV
added 2024/03/06 10:59 a.m., 11 views

BIT-DISCOURSE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

CVSS 4.3, AI score 4.5, EPSS 0.00298
Exploits: 0, References: 3
OSV
added 2023/11/01 12:0 a.m., 21 views

ASB-A-289242655

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 5.3, EPSS 0.00019
Exploits: 0, References: 2
OpenVAS
added 2023/03/17 12:0 a.m., 16 views

Discourse 3.1.x < 3.1.0.beta3 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...

CVSS 8.1, AI score 5.3, EPSS 0.00984
Exploits: 0, References: 6
Prion
added 2023/03/16 9:15 p.m., 13 views

Design/Logic Flaw

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

CVSS 4, AI score 4.6, EPSS 0.00298
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/03/16 8:21 p.m., 138 views

CVE-2023-23935

Discourse (open-source messaging platform) contains a tag-count leakage vulnerability. In versions up to 3.0.1 on stable and up to 3.1.0.beta2 on beta/tests-passed, the count displayed for a tag sums all personal messages regardless of user visibility. This allows users to infer whether a sensiti...

CVSS 4.3, AI score 4.2, EPSS 0.00298
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/03/16 8:21 p.m., 8 views

CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

CVSS 3.5, AI score 4.5, EPSS 0.00298
Exploits: 0, References: 2
OSV
added 2023/03/16 8:21 p.m., 13 views

CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

CVSS 3.5, AI score 4.6, EPSS 0.00298
Exploits: 0, References: 4
Positive Technologies
added 2023/03/16 12:0 a.m., 1 views

PT-2023-19307 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.0.1 and prior; Discourse versions 3.1.0.beta2 and prior. Description: The issue affects the count of personal messages displayed for a tag, which includes all personal messages regardless of visibility to a given user. This...

CVSS 4.3, AI score 4.4, EPSS 0.00298
Exploits: 0, References: 7
Positive Technologies
added 2021/07/27 12:0 a.m., 3 views

PT-2021-19931 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.7. Description: Discourse is an open source discussion platform. There are two bugs that led to the post creator of a whisper post being revealed to non-staff users. The first bug occurs when a staff user create...

CVSS 4.3, AI score 4.5, EPSS 0.00317
Exploits: 0, References: 10