Vulnerabilities in Discourse

279 results
Vexday analysis

With 278 catalogued CVEs and no confirmed entry in CISA's KEV catalogue, Discourse shows a rate of active exploitation below the overall catalogue average, which suggests lower pressure from immediate threats compared with the typical set of monitored products. Even so, 31 vulnerabilities have surfaced in the last 90 days, a significant pace of recent discoveries that calls for continuous monitoring. The most prevalent weakness is CWE-200 (exposure of sensitive information), a pattern that tends to appear in communication platforms and can facilitate reconnaissance by attackers. The most dangerous currently active CVE is CVE-2024-53991, with an EPSS score of 0.2543 (the highest observed in the set), and of the five critical vulnerabilities catalogued, four already have a public proof of concept, which raises the exploitation risk for teams that have not yet applied the corresponding fixes.

CVE ID | Severity | Title | EPSS
CVE-2026-26265 | HIGH | Discourse has IDOR vulnerability in the directory items endpoint | EPSS 0.2%
CVE-2025-68666 | MEDIUM | Discourse user archives leaked to users with moderation privileges | EPSS 0.2%
CVE-2024-55948 | HIGH | Anonymous cache poisoning via XHR requests in Discourse | EPSS 0.2%
CVE-2025-23023 | HIGH | Anonymous cache poisoning via request headers in Discourse | EPSS 0.2%
CVE-2025-58055 | MEDIUM | Discourse AI Suggestions Contain Insecure Direct Object Reference | EPSS 0.2%
CVE-2026-44779 | MEDIUM | Discourse: Bot debug endpoints disclose whisper translation audit logs | EPSS 0.2%
CVE-2025-68934 | MEDIUM | Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint | EPSS 0.2%
CVE-2026-33300 | MEDIUM | Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint | EPSS 0.2%
CVE-2026-32143 | MEDIUM | Discourse: Admin-only report can be exported by moderators | EPSS 0.2%
CVE-2026-32244 | MEDIUM | Discourse: Cached outdated summaries can leak removed content | EPSS 0.2%
CVE-2026-29072 | HIGH | Discourse missing permission check for policy creation in discourse-policy | EPSS 0.2%
CVE-2026-33395 | MEDIUM | Discourse has stored click-based XSS via Graphviz SVG javascript: links | EPSS 0.2%
CVE-2026-44784 | MEDIUM | Discourse: Non-staff group owners can see email password in plaintext through group history | EPSS 0.2%
CVE-2026-27481 | MEDIUM | Discourse: Hidden tag visibility bypass on tag routes | EPSS 0.2%
CVE-2026-27162 | MEDIUM | Discourse doesn't prevent whispers from leaking in excerpts | EPSS 0.2%
CVE-2026-27149 | MEDIUM | Discourse has SQL injection in PM tag filtering | EPSS 0.2%
CVE-2026-26078 | HIGH | Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint | EPSS 0.2%
CVE-2026-30891 | MEDIUM | Discourse has Unauthorized Exposure of Private User Action Types | EPSS 0.2%
CVE-2026-21865 | MEDIUM | Discourse topic conversion permission vulnerability for moderators | EPSS 0.2%
CVE-2025-68659 | MEDIUM | Discourse has DoS vulnerability in username change endpoint | EPSS 0.2%