14 matches found
Unspecified vulnerability in Discourse (CNVD-2026-17483)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...
CVE-2026-33426
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...
CVE-2026-33426
CVE-2026-33426 affects Discourse. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they could not see those tags. A patch is included in versions 2026.3.0-latest.1, 2026....
CVE-2026-33426 Discourse users can edit or synonymize hidden tags they can't see
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...
EUVD-2026-13908
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1,...
PT-2026-26710
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Users with tag-editing permissions could modify and create...
Malicious code in turkish-synonyms-api (npm)
The package turkish-synonyms-api was found to contain malicious code...
radio-paradise-api (=0.0.1), turkish-synonyms-api (=0.0.0) potentially affected by unknown CVE via memoize-with-leveldb (>=0.0.1 <=2.0.0)
memoize-with-leveldb NPM version =0.0.1, =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on memoize-with-leveldb and may be impacted: - radio-paradise-api =0.0.1 - turkish-synonyms-api =0.0.0 Source cves: unknown CVE Source advisory:...
MAL-2025-37318 Malicious code in turkish-synonyms-api (npm)
The package turkish-synonyms-api was found to contain malicious code...
SUSE CVE-2009-2079
Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to injec...
Google Chrome Domain Spoofing Vulnerability (CNVD-2019-01760)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A domain spoofing vulnerability exists in Google Chrome. The vulnerability stems from the URL Formatter in Google Chrome mishandling obfuscated characters. A remote...
Google Chrome Omnibox Spoofing Vulnerability (CNVD-2018-20141)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by remote attacker...
Google Chrome Omnibox Spoofing Vulnerability (CNVD-2018-20140)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by remote attacker...
PT-2009-4532 · Drupal · Drupal Taxonomy Manager
Name of the Vulnerable Software and Affected Versions: Drupal Taxonomy manager versions 5.x before 5.x-1.2; Drupal Taxonomy manager versions 6.x before 6.x-1.1. Description: A cross-site scripting (XSS) issue exists in the administrative page interface of the Taxonomy manager module for Drupal. This...