| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27021 | Discourse: Poll voters endpoint lacked post visibility checks | discourse | discourse | - | - | 2026-02-26 19:50:56 | Deep Dive |
| CVE-2026-26979 | Discourse: TL4 users are able to change status of restricted topics | discourse | discourse | - | - | 2026-02-26 19:25:16 | Deep Dive |
| CVE-2026-26973 | Discourse doesn't scope reviewable notes to user-visible reviewables | discourse | discourse | Medium | 4.3 | 2026-02-26 19:19:18 | Deep Dive |
| CVE-2026-26265 | Discourse has IDOR vulnerability in the directory items endpoint | discourse | discourse | High | 7.5 | 2026-02-26 15:10:26 | Deep Dive |
| CVE-2026-26207 | Discourse's discourse-policy plugin lacks post access check | discourse | discourse | Medium | 5.4 | 2026-02-26 15:04:15 | Deep Dive |
| CVE-2026-26078 | Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint | discourse | discourse | High | 7.5 | 2026-02-26 15:00:47 | Deep Dive |
| CVE-2026-26077 | Discourse doesn't ensure webhooks require a token | discourse | discourse | Medium | 6.5 | 2026-02-26 14:58:14 | Deep Dive |
| CVE-2026-24742 | Discourse staff action logs expose sensitive information to moderators | discourse | discourse | Medium | 6.5 | 2026-01-28 20:11:31 | Deep Dive |
| CVE-2026-23743 | Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users | discourse | discourse | - | - | 2026-01-28 20:07:21 | Deep Dive |
| CVE-2026-21865 | Discourse topic conversion permission vulnerability for moderators | discourse | discourse | Medium | 6.5 | 2026-01-28 19:51:38 | Deep Dive |
| CVE-2025-69289 | Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change | discourse | discourse | - | - | 2026-01-28 19:33:59 | Deep Dive |
| CVE-2025-69218 | Discourse moderators can access admin-only reports exposing private upload URLs | discourse | discourse | - | - | 2026-01-28 19:30:29 | Deep Dive |
| CVE-2025-68934 | Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint | discourse | discourse | Medium | 6.5 | 2026-01-28 19:20:00 | Deep Dive |
| CVE-2025-68933 | Discourse non-admin moderators can exfiltrate private content via post ownership transfer | discourse | discourse | Medium | 6.9 | 2026-01-28 19:17:24 | Deep Dive |
| CVE-2025-68666 | Discourse users archives leaked to users with moderation privileges | discourse | discourse | - | - | 2026-01-28 19:14:10 | Deep Dive |
| CVE-2025-68662 | FinalDestination hostname matching allows SSRF protection bypass | discourse | discourse | High | 7.6 | 2026-01-28 19:12:25 | Deep Dive |
| CVE-2025-68660 | Discourse AI Discover's continue conversation allows threat actor to impersonate user | discourse | discourse | - | - | 2026-01-28 18:55:12 | Deep Dive |
| CVE-2025-68659 | Discourse has DoS vulnerability in username change endpoint | discourse | discourse | Medium | 4.3 | 2026-01-28 18:51:40 | Deep Dive |
| CVE-2025-68479 | Discourse subscriptions are susceptible to takeover | discourse | discourse | High | 7.1 | 2026-01-28 18:34:00 | Deep Dive |
| CVE-2025-67723 | Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin | discourse | discourse | Medium | 4.6 | 2026-01-28 18:21:35 | Deep Dive |