Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse
Discourse Discourse 2.8.0
Discourse Discourse
445
VMScore
CVE-2019-1020017
Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
Discourse Discourse
Discourse Discourse 2.4.0
668
VMScore
CVE-2019-1020018
Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Discourse Discourse
Discourse Discourse 2.4.0
NA
CVE-2022-36066
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger re...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-36068
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The prob...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-31182
Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stab...
Discourse Discourse
Discourse Discourse 2.9.0
187
VMScore
CVE-2022-31096
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is a...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-31184
Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upg...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-39241
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2023-29196
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an atta...
Discourse Discourse 3.1.0
Discourse Discourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »