14 matches found
BIT-DISCOURSE-2026-33355 Discourse filters whisper posts from private-posts feed
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0, 2026.2.1, and...
CVE-2026-33355
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33355 Discourse filters whisper posts from private-posts feed
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33355
Discourse (open-source) is affected by CVE-2026-33355. The vulnerability affects the /private-posts endpoint where post-type visibility filtering was not applied, enabling regular PM participants to see whisper posts in PM topics to which they had access. Affected versions are 2026.3.0-latest.1, ...
CVE-2026-33355
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
EUVD-2026-13337
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33355 Discourse filters whisper posts from private-posts feed
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
CVE-2026-33355 Discourse filters whisper posts from private-posts feed
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...
PT-2026-26424
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. The /private-posts API endpoint did not apply post-type...
EUVD-2025-19108
Malicious code in bioql PyPI...
CVE-2025-49845
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
PT-2025-26841 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.6 Discourse versions prior to 3.5.0.beta8-dev Description: Discourse is an open-source discussion platform where the visibility of posts typed whisper is controlled via the whispers allowed groups site setting...
PT-2021-19931 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.7 Description: Discourse is an open source discussion platform. There are two bugs that led to the post creator of a whisper post being revealed to non-staff users. The first bug occurs when a staff user create...