Filter
AND
Software
DiscourseAnonymous cache poisoning via request headers in Discourse
8.2
EPSS
0.04%
First published (updated )
Discourse Aidiscourse-ai admin-initiated SSRF when interacting with AI services
7.2
EPSS
0.04%
First published (updated )
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
DiscoursePotential Backup file leaked via Nginx in Discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse vulnerable to Cross-site Scripting through pending post titles descriptions
8
First published (updated )
DiscourseDiscourse password reset link can lead to in account takeover if user changes to a new email
8.1
First published (updated )
DiscourseDiscourse allows self-XSS through malicious composer message
7.1
First published (updated )
Discourse Rails MultisiteSecure/signed cookies share secrets between sites in rails_multisite
8.8
First published (updated )
DiscourseDenial of service by the absence of restrictions on replies to posts in Discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseBypass of email address validation via encoded email addresses in Discourse
8.2
First published (updated )
DiscourseDenial of service via User Custom Sidebar Section Unlimited Link Creation in discourse
7.5
First published (updated )
DiscourseDiscourse vulnerable to ossible DDoS due to unbounded limits in various controller actions
7.5
First published (updated )
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
Discourse Discourse-encryptImproper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
7.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseCross-site Scripting via email preview when CSP disabled in Discourse
8
First published (updated )
Discourse Calendar pluginImproper escaping of user input in discourse-calendar
8
First published (updated )
DiscourseMalicious requests can fill up the log files resulting in a deinal of service in Discourse
7.5
First published (updated )
DiscourseUnauthenticated access to new private chat messages in Discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via …
7.5
First published (updated )
DiscoursePrivate message title and participating users leaked in discourse
7.5
First published (updated )
DiscourseXSS via d-popover and d-html-popover attribute
7.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseIn Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for c…
7.5
First published (updated )
DiscourseDiscourse user account takeover via email and invite link
8.9
First published (updated )
DiscoursePossible Server-Side Request Forgery (SSRF) in webhooks
7.6
First published (updated )
DiscourseDiscourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimit…
7.2
First published (updated )
DiscourseDiscourse moderators can edit themes via the API
7.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.