CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Positive Technologies•added yesterday•4 views

PT-2026-45800

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view other topics authorization. As a result, in forums where users may enter the for...

5.3CVSS5.8AI score

Exploits0References2

ATTACKERKB•added 2026/05/27 3:3 p.m.•4 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.00043EPSS

Exploits0References2Affected Software1

CNVD•added 2026/04/10 12:0 a.m.•0 views

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

6.3CVSS5.7AI score0.00049EPSS

Exploits0

RedhatCVE•added 2026/04/01 11:0 p.m.•1 views

CVE-2026-32619

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

6.3CVSS5.8AI score0.00049EPSS

Exploits0References1

NVD•added 2026/03/31 6:16 p.m.•2 views

CVE-2026-32619

6.3CVSS0.00049EPSS

Exploits0References2

ATTACKERKB•added 2026/03/31 5:40 p.m.•2 views

CVE-2026-32619

6.3CVSS5.8AI score0.00049EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/31 5:40 p.m.•0 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

6.3CVSS5.8AI score0.00049EPSS

Exploits0References2

EUVD•added 2026/03/31 5:40 p.m.•5 views

EUVD-2026-17557

6.3CVSS5.8AI score0.00049EPSS

Exploits0References2

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29310

6.3CVSS5.8AI score0.00049EPSS

Exploits0References6

CNNVD•added 2026/03/31 12:0 a.m.•5 views

Discourse 授权问题漏洞

6.3CVSS5.8AI score0.00049EPSS

Exploits0References3

Cvelist•added 2026/03/20 10:56 p.m.•17 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

5.1CVSS0.00017EPSS

Exploits0References1

CVE•added 2026/03/20 10:56 p.m.•3 views

CVE-2026-33291

The CVE concerns Discourse (with the Zendesk plugin) where moderators can create Zendesk tickets for topics they are not allowed to view. Affected versions are prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The published fixes are included in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, respec...

5.4CVSS5.8AI score0.00017EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/20 10:56 p.m.•1 views

CVE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

5.1CVSS5.9AI score0.00017EPSS

Exploits0References3

OSV•added 2025/10/05 11:40 p.m.•3 views

BIT-DISCOURSE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS6.3AI score0.00068EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-32066

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00068EPSS

Exploits0References2

Cvelist•added 2025/10/01 6:48 p.m.•7 views

CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

4.3CVSS0.00068EPSS

Exploits0References2

OSV•added 2025/10/01 6:48 p.m.•4 views

CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

4.3CVSS6.1AI score0.00068EPSS

Exploits0References6

OSV•added 2024/03/06 11:3 a.m.•12 views

BIT-DISCOURSE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic

Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...

5.3CVSS5.5AI score0.00289EPSS

Exploits0References2

OSV•added 2019/03/27 6:29 p.m.•0 views

UBUNTU-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

6.5CVSS7.2AI score0.00179EPSS

Exploits1References4

OSV•added 2019/03/27 6:29 p.m.•1 views

DEBIAN-CVE-2018-12546

6.5CVSS7AI score0.00179EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by