| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-21658 | Insufficient control of region value length in discourse-calendar | discourse | discourse-calendar | Medium | 4.3 | 2024-08-30 17:18:41 |
| CVE-2024-43408 | Discourse Placeholder Forms has an XSS stopped by CSP | discourse | discourse-placeholder-theme-component | Medium | 6.3 | 2024-08-20 16:28:48 |
| CVE-2024-39320 | Discourse allows iframe injection through default site setting | discourse | discourse | Medium | 6.1 | 2024-07-30 14:33:49 |
| CVE-2024-37299 | Discourse vulnerable to DoS via Tag Group | discourse | discourse | Medium | 4.9 | 2024-07-30 14:22:36 |
| CVE-2024-37165 | Discourse has an XSS via Onebox system | discourse | discourse | Medium | 6.3 | 2024-07-30 14:10:25 |
| CVE-2024-38360 | Denial of service via Watched Words in Discourse | discourse | discourse | Medium | 4.9 | 2024-07-15 19:43:05 |
| CVE-2024-37157 | Discourse vulnerable to Server-Side Request Forgery via FastImage | discourse | discourse | Medium | 6.4 | 2024-07-03 19:13:43 |
| CVE-2024-36122 | Discourse doesn't limit reviewable user serializer payload | discourse | discourse | Low | 2.4 | 2024-07-03 19:10:46 |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators | discourse | discourse | Medium | 4.9 | 2024-07-03 19:07:27 |
| CVE-2024-35234 | Discourse vulnerable to stored DOM XSS via Facebook Oneboxes | discourse | discourse | Medium | 4.2 | 2024-07-03 18:23:10 |
| CVE-2024-35227 | Discourse vulnerable to DoS through Onebox | discourse | discourse | High | 7.5 | 2024-07-03 17:39:38 |
| CVE-2024-35168 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability | Discourse | WP Discourse | Medium | 4.3 | 2024-06-11 14:40:31 |
| CVE-2024-31219 | Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page | discourse | discourse-reactions | Medium | 4.3 | 2024-04-15 18:00:15 |
| CVE-2024-27085 | Denial of service through invites in Discourse | discourse | discourse | Medium | 6.5 | 2024-03-15 19:22:47 |
| CVE-2024-27100 | Denial of service via Staff Actions in Discourse | discourse | discourse | Medium | 6.5 | 2024-03-15 19:21:49 |
| CVE-2024-28242 | Disclosure of the existence of secret categories with custom backgrounds in Discourse | discourse | discourse | Medium | 5.3 | 2024-03-15 19:21:01 |
| CVE-2024-24748 | Disclosure of the existence of secret subcategories in Discourse | discourse | discourse | Medium | 5.3 | 2024-03-15 19:15:17 |
| CVE-2024-24827 | No rate limits on POST /uploads endpoint in Discourse | discourse | discourse | Medium | 5.3 | 2024-03-15 19:13:43 |
| CVE-2024-24817 | User can see invitees in events created in PMs and private categories | discourse | discourse-calendar | Medium | 4.3 | 2024-02-22 17:45:58 |
| CVE-2024-23654 | discourse-ai admin-initiated SSRF when interacting with AI services | discourse | discourse-ai | Medium | 4.1 | 2024-02-21 20:28:13 |