Vulnerabilities in Discourse
279 results

CVE-2024-52794 | MEDIUM | Magnific lightbox susceptible to Cross-site Scripting in Discourse | EPSS 0.3%
CVE-2025-59337 | MEDIUM | Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments | EPSS 0.3%
CVE-2026-27935 | MEDIUM | Discourse leaks private topic metadata to non-authorized users | EPSS 0.3%
CVE-2023-45147 | MEDIUM | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | EPSS 0.3%
CVE-2025-46824 | LOW | Discourse Code Review Plugin vulnerable to XSS via auto link commits | EPSS 0.3%
CVE-2024-53994 | MEDIUM | Potential bypass of chat permissions in Discourse | EPSS 0.3%
CVE-2023-45816 | LOW | Unread bookmark reminder notifications that the user cannot access can be seen | EPSS 0.3%
CVE-2026-44786 | HIGH | Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users | EPSS 0.3%
CVE-2024-53266 | MEDIUM | Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse | EPSS 0.3%
CVE-2026-24742 | MEDIUM | Discourse staff action logs expose sensitive information to moderators | EPSS 0.3%
CVE-2026-27934 | HIGH | Discourse leaks private topic title and post excerpt via user action API endpoint | EPSS 0.3%
CVE-2026-33393 | MEDIUM | Discourse fixes loose hostname matching in spam host allowlist | EPSS 0.3%
CVE-2026-33514 | MEDIUM | Discourse: Information Disclosure in Form Template API Due to Missing Authorization | EPSS 0.3%
CVE-2024-52589 | LOW | Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse | EPSS 0.2%
CVE-2026-23743 | MEDIUM | Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users | EPSS 0.2%
CVE-2024-45303 | MEDIUM | Discourse Calendar plugin event names susceptible to XSS | EPSS 0.2%
CVE-2025-64528 | MEDIUM | Users are able to find users by name even when `enable_names` is off | EPSS 0.2%
CVE-2026-26077 | MEDIUM | Discourse doesn't ensure webhooks require a token | EPSS 0.2%
CVE-2024-43408 | MEDIUM | Discourse Placeholder Forms has a XSS stopped by CSP | EPSS 0.2%
CVE-2023-37904 | LOW | Discourse Race Condition in Accept Invite | EPSS 0.2%