Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed...
Discourse Discourse 2.8.0
Discourse Discourse
668
VMScore
CVE-2019-1020018
Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Discourse Discourse
Discourse Discourse 2.4.0
535
VMScore
CVE-2022-21684
Discourse is an open source discussion platform. Versions before 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_us...
Discourse Discourse 2.8.0
Discourse Discourse
534
VMScore
CVE-2021-41263
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be ...
Discourse Rails Multisite
490
VMScore
CVE-2022-23602
Nimforum is a lightweight alternative to Discourse written in Nim. In versions before 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by ...
Nim-lang Docutils
Nim-lang Nimforum
446
VMScore
CVE-2022-21677
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public ...
Discourse Discourse 2.8.0
Discourse Discourse
446
VMScore
CVE-2021-3138
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
Discourse Discourse 2.7.0
Discourse Discourse
3 Github repositories
445
VMScore
CVE-2022-31060
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch ...
Discourse Discourse 2.9.0
Discourse Discourse
445
VMScore
CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff ...
Discourse Discourse 2.9.0
Discourse Discourse
445
VMScore
CVE-2022-24824
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of...
Discourse Discourse 2.9.0
Discourse Discourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »