CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

CNVD•added 2026/04/10 12:0 a.m.•4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17258)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...

5.3CVSS5.7AI score0.00201EPSS

Exploits0

Cvelist•added 2026/03/31 5:41 p.m.•21 views

CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...

5.3CVSS0.00201EPSS

Exploits0References2

ATTACKERKB•added 2026/03/31 5:41 p.m.•0 views

CVE-2026-32620

5.3CVSS5.8AI score0.00201EPSS

Exploits0References3Affected Software1

EUVD•added 2026/03/31 5:41 p.m.•2 views

EUVD-2026-17559

5.3CVSS5.8AI score0.00201EPSS

Exploits0References2

Vulnrichment•added 2026/03/31 5:41 p.m.•1 views

CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

5.3CVSS5.8AI score0.00201EPSS

Exploits0References2

OSV•added 2026/03/31 5:41 p.m.•4 views

CVE-2026-32620 Discourse: Missing post-level authorization allows whisper metadata disclosure

5.3CVSS5.8AI score0.00201EPSS

Exploits0References4

Github Security Blog•added 2025/11/18 6:32 p.m.•13 views

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00145EPSS

Exploits0References8Affected Software2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-0133

Malicious code in bioql PyPI...

4.3CVSS6AI score0.0065EPSS

Exploits0References13

Tenable Nessus•added 2025/08/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-42453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they kn...

4.3CVSS6AI score0.0065EPSS

Exploits0References2

Tenable Nessus•added 2024/01/09 12:0 a.m.•56 views

GLSA-202401-12 : Synapse: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-12 Synapse: Multiple Vulnerabilities - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the serve...

5.3CVSS6.3AI score0.01166EPSS

Exploits0References7

Tenable Nessus•added 2023/11/07 12:0 a.m.•40 views

Fedora 39 : matrix-synapse (2023-4d4c73a8f0)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d4c73a8f0 advisory. Update to v1.94.0 CVE-2023-45129 ---- Update to v1.93.0 CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directl...

4.9CVSS6.3AI score0.01166EPSS

Exploits0References4

Tenable Nessus•added 2023/10/06 12:0 a.m.•31 views

Fedora 37 : matrix-synapse (2023-5d980e6aaf)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5d980e6aaf advisory. Backport fixes for CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directly from the Fedora security advisory...

4.3CVSS6.3AI score0.0065EPSS

Exploits0References3

Tenable Nessus•added 2023/10/06 12:0 a.m.•28 views

Fedora 38 : matrix-synapse (2023-84ee781688)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-84ee781688 advisory. Update to v1.93.0 CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directly from the Fedora security advisory...

4.3CVSS6.3AI score0.0065EPSS

Exploits0References3

Veracode•added 2023/09/28 7:14 a.m.•22 views

Improper Authorization

Synapse is vulnerable to Improper Authorization. The vulnerability is due to a flaw that allowed users to forge read receipts for any event. The attacker can mark any event as read even if he/she was not in the room...

4.3CVSS6.6AI score0.0065EPSS

Exploits0References8Affected Software3

SUSE CVE•added 2023/09/28 1:44 a.m.•1 views

SUSE CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

4.3CVSS8.5AI score0.0065EPSS

Exploits0References3