Discourse

252 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.2%
  • Published 31.03.2026 17:41:20
  • Last modified 09.04.2026 15:32:00

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an in...

  • EPSS 0.2%
  • Published 31.03.2026 17:41:03
  • Last modified 09.04.2026 18:30:46

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts ...

  • EPSS 0.2%
  • Published 31.03.2026 17:40:41
  • Last modified 09.04.2026 18:30:55

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search withou...

  • EPSS 0.16%
  • Published 31.03.2026 17:40:41
  • Last modified 09.04.2026 18:30:09

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category gro...

  • EPSS 0.15%
  • Published 31.03.2026 17:40:17
  • Last modified 09.04.2026 18:29:57

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside...

  • EPSS 0.17%
  • Published 31.03.2026 17:40:05
  • Last modified 09.04.2026 19:43:13

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux site setting is enabled (default...

  • EPSS 0.17%
  • Published 31.03.2026 17:39:48
  • Last modified 09.04.2026 19:43:26

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description s...

  • EPSS 0.17%
  • Published 31.03.2026 17:39:38
  • Last modified 09.04.2026 19:31:50

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject...

  • EPSS 0.19%
  • Published 31.03.2026 17:39:25
  • Last modified 03.04.2026 12:45:30

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso_destination_url cookie a...

  • EPSS 0.23%
  • Published 31.03.2026 17:39:25
  • Last modified 09.04.2026 19:42:47

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing th...