CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

NVD•added 2026/06/12 9:16 p.m.•12 views

CVE-2026-44783

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

5.4CVSS0.00148EPSS

Exploits0References1

EUVD•added 2026/06/12 8:23 p.m.•7 views

EUVD-2026-36586

5.4CVSS5.3AI score0.00148EPSS

Exploits0References1

Vulnrichment•added 2026/06/12 8:23 p.m.•7 views

CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

5.4CVSS5.3AI score0.00148EPSS

Exploits0References1

Cvelist•added 2026/06/12 8:23 p.m.•29 views

CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

5.4CVSS0.00148EPSS

Exploits0References1

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48980

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A flaw in the handling of replies to whisper posts allows authenticated use...

5.4CVSS5.2AI score0.00148EPSS

Exploits0References5

NVD•added 2026/03/19 10:16 p.m.•16 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS0.00414EPSS

Exploits0References4

OSV•added 2026/03/03 1:29 p.m.•5 views

BIT-DISCOURSE-2026-27162 DIscourse doesn't prevent whispers to leak in excerpts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

7.1CVSS5.9AI score0.00227EPSS

Exploits0References2

RedhatCVE•added 2026/02/28 1:55 a.m.•6 views

CVE-2026-27162

7.1CVSS5.9AI score0.00227EPSS

Exploits0References1

NVD•added 2026/02/26 9:28 p.m.•6 views

CVE-2026-27162

7.1CVSS0.00227EPSS

Exploits0References1

ATTACKERKB•added 2026/02/26 7:58 p.m.•0 views

CVE-2026-27162

7.1CVSS5.8AI score0.00227EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/26 7:58 p.m.•0 views

CVE-2026-27162 DIscourse doesn't prevent whispers to leak in excerpts

7.1CVSS5.9AI score0.00227EPSS

Exploits0References1

Cvelist•added 2026/02/26 7:58 p.m.•22 views

CVE-2026-27162 DIscourse doesn't prevent whispers to leak in excerpts

7.1CVSS0.00227EPSS

Exploits0References1

OSV•added 2026/02/26 7:58 p.m.•2 views

CVE-2026-27162 DIscourse doesn't prevent whispers to leak in excerpts

7.1CVSS5.9AI score0.00227EPSS

Exploits0References3

EUVD•added 2026/02/26 7:58 p.m.•3 views

EUVD-2026-8892

7.1CVSS5.4AI score0.00227EPSS

Exploits0References1

Positive Technologies•added 2026/02/26 12:0 a.m.•9 views

PT-2026-22188

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had an issue where the posts nearby function was not properly filtering...

7.1CVSS5.8AI score0.00227EPSS

Exploits0References9

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-29116

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00397EPSS

Exploits0References2

OSV•added 2025/07/01 8:3 a.m.•3 views

BIT-DISCOURSE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

7.5CVSS5.9AI score0.00299EPSS

Exploits0References2

RedhatCVE•added 2025/06/27 4:21 p.m.•5 views

CVE-2025-49845

7.5CVSS6.8AI score0.00299EPSS

Exploits0References1

Cvelist•added 2025/06/25 3:39 p.m.•7 views

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

6.3CVSS0.00299EPSS

Exploits0References1

CVE•added 2025/06/25 3:39 p.m.•31 views

CVE-2025-49845

Discourse has a vulnerability (CVE-2025-49845) where users on versions prior to 3.4.6 (stable) or 3.5.0.beta8-dev (tests-passed) can still view their own whispers after losing visibility to posts typed whisper. The issue is fixed in 3.4.6 and 3.5.0.beta8-dev. No publicly provided workarounds are ...

7.5CVSS6.8AI score0.00299EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by