| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy | discourse | discourse | Medium | - | 2026-03-19 21:49:34 | Deep Dive |
| CVE-2026-28282 | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | discourse | discourse | Medium | - | 2026-03-19 21:45:14 | Deep Dive |
| CVE-2026-27936 | Discourse discloses restricted post-action counts to non-privileged users | discourse | discourse | Medium | - | 2026-03-19 21:42:37 | Deep Dive |
| CVE-2026-27935 | Discourse leaks private topic metadata to non-authorized users | discourse | discourse | Medium | - | 2026-03-19 21:33:38 | Deep Dive |
| CVE-2026-27934 | Discourse leaks private topic title and post excerpt via user action API endpoint | discourse | discourse | Medium | - | 2026-03-19 21:17:43 | Deep Dive |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation | discourse | discourse | Medium | - | 2026-03-19 20:56:17 | Deep Dive |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | discourse | discourse | Medium | - | 2026-03-19 20:52:18 | Deep Dive |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users | discourse | discourse | Medium | - | 2026-03-19 20:47:55 | Deep Dive |
| CVE-2026-27454 | Discourse has check revision visibility on posts endpoint | discourse | discourse | Medium | 5.3 | 2026-03-19 20:39:28 | Deep Dive |
| CVE-2026-27166 | Discourse vulnerable to HTML injection via prohibited iframe URLs | discourse | discourse | Medium | 4.1 | 2026-03-19 20:29:23 | Deep Dive |
| CVE-2026-28227 | Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category | discourse | discourse | - | - | 2026-02-26 21:27:39 | Deep Dive |
| CVE-2026-28219 | Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners | discourse | discourse | - | - | 2026-02-26 21:25:37 | Deep Dive |
| CVE-2026-28218 | Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution | discourse | discourse | - | - | 2026-02-26 21:23:32 | Deep Dive |
| CVE-2026-27154 | Discourse has XSS when editing a malicious post | discourse | discourse | - | - | 2026-02-26 21:20:25 | Deep Dive |
| CVE-2026-27153 | Discourse doesn't prevent moderators from exporting user Chat DMs | discourse | discourse | - | - | 2026-02-26 21:16:41 | Deep Dive |
| CVE-2026-27152 | Discourse has DM communication-preference bypass when adding members | discourse | discourse | - | - | 2026-02-26 20:00:33 | Deep Dive |
| CVE-2026-27162 | Discourse doesn't prevent whispers to leak in excerpts | discourse | discourse | - | - | 2026-02-26 19:58:34 | Deep Dive |
| CVE-2026-27151 | Discourse doesn't validate destination topic when moving posts | discourse | discourse | - | - | 2026-02-26 19:57:07 | Deep Dive |
| CVE-2026-27150 | Discourse doesn't ensure guardian check when creating QueryGroupBookmark | discourse | discourse | - | - | 2026-02-26 19:55:35 | Deep Dive |
| CVE-2026-27149 | Discourse has SQL injection in PM tag filtering | discourse | discourse | - | - | 2026-02-26 19:52:55 | Deep Dive |