Discourse Exposure
Category: Message boards
Exposure score: 83
Sites using it: 2494
Under exploitation: 0
Critical: 2

CVEs
248 results

CVE-2026-34947 (LOW, EPSS 0.2%): Discourse: Staged user custom fields are exposed on public invite pages
CVE-2026-33411 (MEDIUM, EPSS 0.2%): Discourse's solved topic stream has potential stored XSS in topic title
CVE-2026-33427 (LOW, EPSS 0.2%): Discourse Authorization Page Displays Unvalidated Redirect Domain
CVE-2026-33425 (MEDIUM, EPSS 0.2%): Discourse has inferable private group membership or existence via exclude_groups parameter
CVE-2026-45085 (MEDIUM, EPSS 0.2%): Discourse: Chat misauthorization and information disclosure
CVE-2025-69218 (HIGH, EPSS 0.2%): Discourse moderators can access admin-only reports exposing private upload URLs
CVE-2026-32620 (MEDIUM, EPSS 0.2%): Discourse: Missing post-level authorization allows whisper metadata disclosure
CVE-2026-32618 (MEDIUM, EPSS 0.2%): Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id
CVE-2026-32951 (MEDIUM, EPSS 0.2%): Discourse: Authorization bypass in oneboxer via user-controlled category id
CVE-2025-48062 (HIGH, EPSS 0.2%): Discourse vulnerable to HTML injection when inviting to topic via email
CVE-2026-33423 (LOW, EPSS 0.2%): Discourse staff can modify any user's group notification level
CVE-2026-28219 (LOW, EPSS 0.2%): Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
CVE-2026-33291 (MEDIUM, EPSS 0.2%): Discourse user can create Zendesk tickets even when it does not have access to topic
CVE-2026-32113 (MEDIUM, EPSS 0.2%): Discourse: Open redirect via `sso_destination_url` cookie in `enter`
CVE-2025-66488 (MEDIUM, EPSS 0.2%): Discourse allows script execution in uploaded HTML/XML files on S3
CVE-2026-44782 (MEDIUM, EPSS 0.2%): Discourse: GroupPostSerializer leaks hidden full names through reaction post association
CVE-2026-44785 (MEDIUM, EPSS 0.2%): Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
CVE-2026-44780 (MEDIUM, EPSS 0.2%): Discourse: Category queue reviewers can read raw incoming emails from queued posts
CVE-2026-33415 (MEDIUM, EPSS 0.2%): Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
CVE-2026-27166 (MEDIUM, EPSS 0.2%): Discourse vulnerable to HTML injection via prohibited iframe URLs