Vulnerabilities in Discourse
279 results

CVE-2026-26979 | NONE | Discourse: TL4 users are able to change status of restricted topics | EPSS 0.2%
CVE-2026-32273 | MEDIUM | Discourse: XSS on category description update via API | EPSS 0.2%
CVE-2026-32607 | LOW | Discourse: Stored XSS via unescaped assignee name | EPSS 0.2%
CVE-2026-27154 | LOW | Discourse has XSS when editing a malicious post | EPSS 0.2%
CVE-2025-69289 | MEDIUM | Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change | EPSS 0.2%
CVE-2026-33426 | LOW | Discourse users can edit or synonymize hidden tags they can't see | EPSS 0.2%
CVE-2026-32619 | MEDIUM | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | EPSS 0.2%
CVE-2026-27153 | LOW | Discourse doesn't prevent moderators from exporting user Chat DMs | EPSS 0.2%
CVE-2026-27152 | LOW | Discourse has DM communication-preference bypass when adding members | EPSS 0.2%
CVE-2026-33410 | MEDIUM | Discourse hardens chat DM channel creation and expansion | EPSS 0.2%
CVE-2026-33251 | MEDIUM | Discourse has a Hidden Solved topics permission bypass | EPSS 0.2%
CVE-2026-27151 | LOW | Discourse doesn't validate destination topic when moving posts | EPSS 0.2%
CVE-2026-32615 | MEDIUM | Discourse: Category group moderators can perform actions on topics in restricted categories without read access | EPSS 0.2%
CVE-2026-27150 | LOW | Discourse doesn't ensure guardian check when creating QueryGroupBookmark | EPSS 0.2%
CVE-2026-26973 | MEDIUM | Discourse doesn't scope reviewable notes to user-visible reviewables | EPSS 0.2%
CVE-2026-28218 | MEDIUM | Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution | EPSS 0.2%
CVE-2026-26207 | MEDIUM | Discourse's discourse-policy plugin lacks post access check | EPSS 0.2%
CVE-2026-44783 | MEDIUM | Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts | EPSS 0.1%
CVE-2025-68933 | MEDIUM | Discourse non-admin moderators can exfiltrate private content via post ownership transfer | EPSS 0.1%