Vulnerabilities in Discourse

279 results
CVE-2022-36068 | HIGH | Discourse moderators can edit themes via the API | EPSS 0.7%
CVE-2023-46130 | MEDIUM | Bypassing height value allowed in some theme components | EPSS 0.7%
CVE-2023-47121 | LOW | Discourse SSRF vulnerability in Embedding | EPSS 0.7%
CVE-2023-28440 | LOW | Denial of service via admin theme import route in Discourse | EPSS 0.7%
CVE-2022-31059 | MEDIUM | Discourse Calendar Event names susceptible to Cross-site Scripting | EPSS 0.7%
CVE-2023-22740 | MEDIUM | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts | EPSS 0.7%
CVE-2022-46177 | MEDIUM | Discourse password reset link can lead to in account takeover if user changes to a new email | EPSS 0.7%
CVE-2023-23616 | LOW | Discourse membership requests lack character limit | EPSS 0.7%
CVE-2023-23620 | MEDIUM | Discourse restricted tag routes leak topic information | EPSS 0.7%
CVE-2023-28107 | MEDIUM | Discourse vulnerable to multisite DoS by spamming backups | EPSS 0.7%
CVE-2023-38706 | MEDIUM | Discourse vulnerable to DoS via drafts | EPSS 0.6%
CVE-2022-31182 | MEDIUM | Cache poisoning via maliciously-formed request in Discourse | EPSS 0.6%
CVE-2025-48954 | HIGH | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow | EPSS 0.6%
CVE-2022-24850 | MEDIUM | Category group permissions leaked in Discourse | EPSS 0.6%
CVE-2021-41263 | HIGH | Secure/signed cookies share secrets between sites in rails_multisite | EPSS 0.6%
CVE-2022-24866 | MEDIUM | Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign | EPSS 0.6%
CVE-2022-46159 | MEDIUM | Any authenticated Discourse user can create an unlisted topic | EPSS 0.6%
CVE-2024-37299 | MEDIUM | Discourse vulnerable to DoS via Tag Group | EPSS 0.6%
CVE-2024-24827 | MEDIUM | No rate limits on POST /uploads endpoint in Discourse | EPSS 0.6%
CVE-2024-35227 | HIGH | Discourse vulnerable to DoS through Onebox | EPSS 0.6%