Filters
Discourse DiscourseDiscourse DoS via SvgSprite cache
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via remote theme assets
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via 2FA and Security Key Names
6.5
First published (updated )
Discourse DiscourseDiscourse's restricted tag information visible to unauthenticated users
4.3
First published (updated )
Discourse DiscourseDiscourse vulnerable to ossible DDoS due to unbounded limits in various controller actions
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse vulnerable to DoS via defer queue
6.5
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via post edit reason
4.3
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse Race Condition in Accept Invite
3.1
First published (updated )
Discourse DiscourseDiscourse CSP nonce reuse vulnerability for anonymous users
6.8
First published (updated )
Discourse DiscourseTopic Title Validation Skipped When Changing Category in Discourse
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseCSP nonce reuse vulnerability in Discourse
6.8
First published (updated )
Discourse DiscourseDenial of service via admin theme import route in Discourse
2.7
First published (updated )
Discourse DiscoursePresence of restricted personal Discourse messages may be leaked if tagged with a tag
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3…
4.3
First published (updated )
Discourse DiscourseDiscourse vulnerable to Cross-site Scripting in local oneboxes
8.8
First published (updated )
Discourse DiscourseDiscourse vulnerable to Cross-site Scripting through tag descriptions
6.8
First published (updated )
Discourse DiscourseDiscourse vulnerable to Cross-site Scripting through pending post titles descriptions
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse vulnerable to exposure of user post counts per topic to unauthorized users
5.3
First published (updated )
Discourse DiscourseDiscourse password reset link can lead to in account takeover if user changes to a new email
8.1
First published (updated )
Discourse DiscourseDiscourse vulnerable to private topic leak via email#send_digest
5.5
First published (updated )
Discourse DiscourseGroup SMTP user emails are exposed in CC email header
3.5
First published (updated )
Discourse DiscourseDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse vulnerable to bypass of post max_length using HTML comments
6.5
First published (updated )
Discourse DiscourseAny authenticated Discourse user can create an unlisted topic
4.3
First published (updated )
Discourse DiscourseDiscourse may allow exposure of hidden tags in the subject of notification emails
4.3
First published (updated )
Discourse DiscourseDiscourse allows self-XSS through malicious composer message
7.1
First published (updated )
Discourse DiscourseDiscourse chat messages should have a maximum character limit
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse users can see notifications for topics they no longer have access to
4.3
First published (updated )
Discourse DiscourseUsers erroneously and transparently added to private messages in Discourse
6.5
First published (updated )
Discourse DiscourseDisplaying user badges can leak topic titles to users that have no access to the topic
5.3
First published (updated )
Discourse DiscoursePossible Server-Side Request Forgery (SSRF) in webhooks
7.6
First published (updated )
Discourse DiscourseDiscourse user account takeover via email and invite link
8.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse user profile location and website fields were not sufficiently length-limited
4.3
First published (updated )
Discourse DiscourseDiscourse moderators can edit themes via the API
7.2
First published (updated )
Discourse DiscourseDiscourse vulnerable to RCE via admins uploading maliciously zipped file
9.1
First published (updated )
Discourse DiscourseEmail activation route can be abused by spammers in Discourse
7.5
First published (updated )
Discourse DiscourseInvites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse
5.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseBanner topic data is exposed on login-required Discourse sites
5.3
First published (updated )
Discourse DiscourseInvite bypasses user approval in Discourse
5.3
First published (updated )
Discourse DiscourseCategory group permissions leaked in Discourse
5.3
First published (updated )
Discourse DiscourseAnonymous user cache poisoning in discourse
5.3
First published (updated )
Discourse DiscoursePrivate group name exposure in discourse
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.