| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-53266 | Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse | discourse | discourse | Medium | 4.3 | 2025-02-04 21:18:20 | Deep Dive |
| CVE-2024-53851 | Partial denial of service via inline oneboxes in Discourse | discourse | discourse | Medium | 4.3 | 2025-02-04 21:16:42 | Deep Dive |
| CVE-2024-53994 | Potential bypass of chat permissions in Discourse | discourse | discourse | Medium | 4.3 | 2025-02-04 21:12:23 | Deep Dive |
| CVE-2024-55948 | Anonymous cache poisoning via XHR requests in Discourse | discourse | discourse | High | 8.2 | 2025-02-04 21:02:00 | Deep Dive |
| CVE-2024-56197 | Users can see other user's tagged PMs in Discourse | discourse | discourse | Low | 2.2 | 2025-02-04 20:59:13 | Deep Dive |
| CVE-2024-56328 | HTMLi (XSS without CSP) via Onebox URLs in Discourse | discourse | discourse | Medium | 6.5 | 2025-02-04 20:55:17 | Deep Dive |
| CVE-2025-22601 | Client Side Path Traversal using activate account route in Discourse | discourse | discourse | Low | 3.1 | 2025-02-04 20:53:12 | Deep Dive |
| CVE-2025-22602 | Stored DOM-based XSS (without CSP) via video placeholders in Discourse | discourse | discourse | Medium | 6.5 | 2025-02-04 20:51:57 | Deep Dive |
| CVE-2025-23023 | Anonymous cache poisoning via request headers in Discourse | discourse | discourse | High | 8.2 | 2025-02-04 20:48:53 | Deep Dive |
| CVE-2024-54142 | Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse | discourse | discourse-ai | Critical | 9.0 | 2025-01-14 22:39:49 | Deep Dive |
| CVE-2024-49765 | Bypass of Discourse Connect using other login paths if enabled in Discourse | discourse | discourse | Medium | 5.3 | 2024-12-19 19:15:11 | Deep Dive |
| CVE-2024-52589 | Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse | discourse | discourse | Low | 2.2 | 2024-12-19 19:13:51 | Deep Dive |
| CVE-2024-52794 | Magnific lightbox susceptible to Cross-site Scripting in Discourse | discourse | discourse | Medium | 6.8 | 2024-12-19 19:12:30 | Deep Dive |
| CVE-2024-53991 | Potential Backup file leaked via Nginx in Discourse | discourse | discourse | High | 7.5 | 2024-12-19 19:11:21 | Deep Dive |
| CVE-2024-47773 | Anonymous cache poisoning via XHR requests in Discourse | discourse | discourse | High | 8.2 | 2024-10-08 18:01:14 | Deep Dive |
| CVE-2024-47772 | Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse | discourse | discourse | Medium | 6.5 | 2024-10-07 20:50:33 | Deep Dive |
| CVE-2024-43789 | Denial of service by the absence of restrictions on replies to posts in Discourse | discourse | discourse | High | 7.5 | 2024-10-07 20:24:32 | Deep Dive |
| CVE-2024-45297 | Prevent topic list filtering by hidden tags for unauthorized users in Discourse | discourse | discourse | Medium | 5.3 | 2024-10-07 20:24:05 | Deep Dive |
| CVE-2024-45051 | Bypass of email address validation via encoded email addresses in Discourse | discourse | discourse | High | 8.2 | 2024-10-07 20:23:02 | Deep Dive |
| CVE-2024-45303 | Discourse Calendar plugin event names susceptible to XSS | discourse | discourse-calendar | Medium | 6.1 | 2024-09-12 18:11:47 | Deep Dive |