Vulnerabilities in Discourse

279 results
CVE-2026-26265 | HIGH | Discourse has IDOR vulnerability in the directory items endpoint | EPSS 0.2%
CVE-2025-68666 | MEDIUM | Discourse users archives leaked to users with moderation privileges | EPSS 0.2%
CVE-2025-23023 | HIGH | Anonymous cache poisoning via request headers in Discourse | EPSS 0.2%
CVE-2024-55948 | HIGH | Anonymous cache poisoning via XHR requests in Discourse | EPSS 0.2%
CVE-2026-44779 | MEDIUM | Discourse: Bot debug endpoints disclose whisper translation audit logs | EPSS 0.2%
CVE-2025-68934 | MEDIUM | Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint | EPSS 0.2%
CVE-2026-33300 | MEDIUM | Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint | EPSS 0.2%
CVE-2026-32143 | MEDIUM | Discourse: Admin-only report can be exported by moderators | EPSS 0.2%
CVE-2026-32244 | MEDIUM | Discourse: Cached outdated summaries can leak removed content | EPSS 0.2%
CVE-2025-58055 | MEDIUM | Discourse AI Suggestions Contain Insecure Direct Object Reference | EPSS 0.2%
CVE-2026-44784 | MEDIUM | Discourse: Non-staff group owners can see email password in plaintext through group history | EPSS 0.2%
CVE-2026-33395 | MEDIUM | Discourse has stored click‑based XSS via Graphviz SVG javascript: links | EPSS 0.2%
CVE-2026-29072 | HIGH | Discourse missing permission check for policy creation in discourse-policy | EPSS 0.2%
CVE-2026-27481 | MEDIUM | Discourse: Hidden tag visibility bypass on tag routes | EPSS 0.2%
CVE-2026-27162 | MEDIUM | Discourse doesn't prevent whispers to leak in excerpts | EPSS 0.2%
CVE-2026-27149 | MEDIUM | Discourse has SQL injection in PM tag filtering | EPSS 0.2%
CVE-2026-30891 | MEDIUM | Discourse has Unauthorized Exposure of Private User Action Types | EPSS 0.2%
CVE-2026-26078 | HIGH | Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint | EPSS 0.2%
CVE-2026-21865 | MEDIUM | Discourse topic conversion permission vulnerability for moderators | EPSS 0.2%
CVE-2025-68659 | MEDIUM | Discourse has DoS vulnerability in username change endpoint | EPSS 0.2%