Lucene search
K

9 matches found

NVD
NVD
added 2026/03/19 10:16 p.m.17 views

CVE-2026-33355

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

6.5CVSS0.00414EPSS
Exploits0References4
NVD
NVD
added 2026/02/26 9:28 p.m.7 views

CVE-2026-27162

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

7.1CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 7:58 p.m.0 views

CVE-2026-27162 DIscourse doesn't prevent whispers to leak in excerpts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:58 p.m.1 views

CVE-2026-27162

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, postsnearby was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use Post.securedguardian to properly filter po...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22188

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had an issue where the posts nearby function was not properly filtering...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References9
OSV
OSV
added 2025/07/01 8:3 a.m.3 views

BIT-DISCOURSE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

7.5CVSS5.9AI score0.00337EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/27 4:21 p.m.6 views

CVE-2025-49845

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

7.5CVSS6.8AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2025/06/25 3:39 p.m.33 views

CVE-2025-49845

Discourse has a vulnerability (CVE-2025-49845) where users on versions prior to 3.4.6 (stable) or 3.5.0.beta8-dev (tests-passed) can still view their own whispers after losing visibility to posts typed whisper. The issue is fixed in 3.4.6 and 3.5.0.beta8-dev. No publicly provided workarounds are ...

7.5CVSS6.8AI score0.00337EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/25 3:39 p.m.8 views

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

6.3CVSS0.00337EPSS
Exploits0References1
Rows per page
Query Builder