Discourse

238 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.03%
  • Published 31.03.2026 17:40:17
  • Last modified 09.04.2026 18:29:57

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside...

  • EPSS 0.03%
  • Published 31.03.2026 17:40:05
  • Last modified 09.04.2026 19:43:13

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux site setting is enabled (default...

  • EPSS 0.03%
  • Published 31.03.2026 17:39:48
  • Last modified 09.04.2026 19:43:26

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description s...

  • EPSS 0.03%
  • Published 31.03.2026 17:39:38
  • Last modified 09.04.2026 19:31:50

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject...

  • EPSS 0.05%
  • Published 31.03.2026 17:39:25
  • Last modified 03.04.2026 12:45:30

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso_destination_url cookie a...

  • EPSS 0.04%
  • Published 31.03.2026 17:39:25
  • Last modified 09.04.2026 19:42:47

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing th...

  • EPSS 0.03%
  • Published 31.03.2026 17:38:59
  • Last modified 10.04.2026 01:51:54

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a ...

  • EPSS 0.03%
  • Published 20.03.2026 23:21:20
  • Last modified 24.03.2026 19:41:41

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check ...

  • EPSS 0.06%
  • Published 20.03.2026 23:20:03
  • Last modified 24.03.2026 19:46:16

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating socia...

  • EPSS 0.02%
  • Published 20.03.2026 23:14:57
  • Last modified 24.03.2026 19:56:39

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility i...