Lucene search
+L

5 matches found

osv
osv
added 2026/03/27 7:10 a.m.3 views

BIT-DISCOURSE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was allowlisted...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References5
cvelist
cvelist
added 2026/03/19 10:4 p.m.24 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS0.00251EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/03/19 10:4 p.m.3 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/03/19 10:4 p.m.2 views

CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.14 views

PT-2026-26425

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The allowed spam host domains check utilized Stringend with?...

4.3CVSS5.9AI score0.00251EPSS
Exploits0References7
Rows per page
Query Builder