973 matches found

NVD | added 2026/02/26 10:20 p.m. | 7 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | EPSS 0.00197
Exploits 0 | References 1
ATTACKERKB | added 2026/02/26 9:27 p.m. | 3 views

CVE-2026-28227

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publish_to_category topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVSS 5.1 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 2 | Affected software 1
Vulnrichment | added 2026/02/26 9:27 p.m. | 3 views

CVE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publish_to_category topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVSS 5.1 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 1
Cvelist | added 2026/02/26 9:27 p.m. | 16 views

CVE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publish_to_category topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVSS 5.1 | EPSS 0.0018
Exploits 0 | References 1
CVE | added 2026/02/26 9:27 p.m. | 18 views

CVE-2026-28227

CVE-2026-28227 affects Discourse. Before versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users could publish topics into staff-only categories via the publish_to_category timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 contain patches. No known workarounds are pr...

CVSS 5.1 | AI score 5.4 | EPSS 0.0018
Exploits 0 | References 1 | Affected software 1
OSV | added 2026/02/26 9:27 p.m. | 4 views

CVE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publish_to_category topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVSS 5.1 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 3
ATTACKERKB | added 2026/02/26 9:25 p.m. | 2 views

CVE-2026-28219

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | AI score 5.7 | EPSS 0.00197
Exploits 0 | References 2 | Affected software 1
Cvelist | added 2026/02/26 9:25 p.m. | 19 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

CVSS 5.3 | EPSS 0.00197
Exploits 0 | References 1
CVE | added 2026/02/26 9:25 p.m. | 21 views

CVE-2026-28219

Product/Component: Discourse open source platform. Vulnerability: Improper authorization check in topic management lets authenticated users alter privileged topic attributes via PUT/POST, elevating a topic’s status to a site-wide notice or banner. Affected versions: before 2025.12.2, 2026.1.1, an...

CVSS 5.3 | AI score 5.3 | EPSS 0.00197
Exploits 0 | References 1 | Affected software 1
OSV | added 2026/02/26 8:31 p.m. | 3 views

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publis...

CVSS 8 | AI score 6 | EPSS 0.00481
Exploits 1 | References 3
NVD | added 2026/02/26 8:31 p.m. | 9 views

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

CVSS 8.5 | EPSS 0.00481
Exploits 1 | References 3
NVD | added 2026/02/26 8:31 p.m. | 5 views

CVE-2026-26979

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

CVSS 2.7 | EPSS 0.00168
Exploits 0 | References 1
Vulnrichment | added 2026/02/26 7:58 p.m. | 0 views

CVE-2026-27162 Discourse doesn't prevent whispers from leaking in excerpts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, posts_nearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.secured(guardian) to properly filter po...

CVSS 7.1 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 1
CVE | added 2026/02/26 7:57 p.m. | 10 views

CVE-2026-27151

Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0 had a validation flaw where move_posts checked only source topic write permissions and did not validate destination topic permissions, allowing TL4 users and category moderators to move posts into topics in categories with read-only or...

CVSS 5.3 | AI score 5.4 | EPSS 0.00154
Exploits 0 | References 1 | Affected software 1
ATTACKERKB | added 2026/02/26 7:25 p.m. | 3 views

CVE-2026-26979

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

CVSS 2.7 | AI score 5.8 | EPSS 0.00168
Exploits 0 | References 2 | Affected software 1
Cvelist | added 2026/02/26 7:25 p.m. | 22 views

CVE-2026-26979 Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...

EPSS 0.00168
Exploits 0 | References 1
CNNVD | added 2026/02/26 12:00 a.m. | 5 views

Discourse security vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...

CVSS 5.3 | AI score 5.8 | EPSS 0.00197
Exploits 0 | References 2
Positive Technologies | added 2026/02/26 12:00 a.m. | 4 views

PT-2026-22176

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, Trust Level 4 (TL4)...

CVSS 2.7 | AI score 6 | EPSS 0.00168
Exploits 0 | References 9
Positive Technologies | added 2026/02/26 12:00 a.m. | 4 views

PT-2026-22196

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: An improper authorization check in the topic management logic allows authenticated users to modify privileged attribute...

CVSS 5.3 | AI score 6 | EPSS 0.00197
Exploits 0 | References 7
Veracode | added 2026/02/20 9:21 a.m. | 4 views

Cross Site Scripting (XSS)

Agora is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling of the topicName parameter in client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user's browser...

CVSS 6.4 | AI score 6 | EPSS 0.00218
Exploits 0 | References 3 | Affected software 1