discourse discourse vulnerabilities and exploits
5
CVSSv2
CVE-2022-31060
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch ...
Discourse Discourse 2.9.0
Discourse Discourse
2.1
CVSSv2
CVE-2022-31096
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is a...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-31184
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upg...
Discourse Discourse 2.9.0
Discourse Discourse
5
CVSSv2
CVE-2019-1020017
Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
Discourse Discourse
Discourse Discourse 2.4.0
4
CVSSv2
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse.
Discourse Discourse 2.8.0
Discourse Discourse
4
CVSSv2
CVE-2021-43850
Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums ar...
Discourse Discourse
Discourse Discourse 2.8.0
NA
CVE-2023-34250
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the a...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-45131
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known ...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2023-45147
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discou...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2022-41921
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit ...
Discourse Discourse 2.9.0
Discourse Discourse