Vulnerability List
Found 268 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the private event | discourse | discourse-calendar | Medium | 6.5 | 2024-02-21 17:19:11 |
| CVE-2023-46241 | Potential account take over due to unverified emails from Microsoft Identity Platform | discourse | discourse-microsoft-auth | Critical | 9.0 | 2024-02-21 16:08:41 |
| CVE-2024-24755 | discourse-group-membership-ip-block is exposing potentially sensitive custom fields | discourse | discourse-group-membership-ip-block | Medium | 4.3 | 2024-02-01 22:14:23 |
| CVE-2024-23834 | Discourse improperly sanitized user input leads to XSS | discourse | discourse | Medium | 6.3 | 2024-01-30 21:31:36 |
| CVE-2023-49099 | Discourse secure uploads accessible to guests even when login is required | discourse | discourse | Low | 3.1 | 2024-01-12 20:53:53 |
| CVE-2024-21655 | Insufficient control of custom field value sizes | discourse | discourse | Medium | 4.3 | 2024-01-12 20:46:00 |
| CVE-2023-49098 | Reaction data for user notifications exposed in Discourse-reactions | discourse | discourse-reactions | Low | 3.5 | 2024-01-12 20:37:27 |
| CVE-2023-48297 | Discourse vulnerable to unlimited mentioned users in message serializer | discourse | discourse | High | 8.6 | 2024-01-12 20:35:02 |
| CVE-2023-47121 | Discourse SSRF vulnerability in Embedding | discourse | discourse | Low | 3.4 | 2023-11-10 15:13:42 |
| CVE-2023-47120 | Discourse DoS through Onebox favicon URL | discourse | discourse | High | 7.5 | 2023-11-10 15:09:54 |
| CVE-2023-47119 | HTML injection in oneboxed links | discourse | discourse | Medium | 5.3 | 2023-11-10 15:00:38 |
| CVE-2023-46130 | Bypassing height value allowed in some theme components | discourse | discourse | Medium | 4.3 | 2023-11-10 14:54:49 |
| CVE-2023-45816 | Unread bookmark reminder notifications that the user cannot access can be seen | discourse | discourse | Low | 3.3 | 2023-11-10 14:49:28 |
| CVE-2023-45806 | Discourse vulnerable to DoS via Regexp Injection in Full Name | discourse | discourse | Medium | 4.3 | 2023-11-10 14:43:38 |
| CVE-2023-43658 | Improper escaping of user input in discourse-calendar | discourse | discourse-calendar | High | 8.0 | 2023-10-16 21:28:57 |
| CVE-2023-45131 | Unauthenticated access to new private chat messages in Discourse | discourse | discourse | High | 7.5 | 2023-10-16 21:24:11 |
| CVE-2023-44391 | Prevent unauthorized access to summary details in Discourse | discourse | discourse | Medium | 5.3 | 2023-10-16 21:22:25 |
| CVE-2023-44388 | Malicious requests can fill up the log files resulting in a denial of service in Discourse | discourse | discourse | High | 7.5 | 2023-10-16 21:11:27 |
| CVE-2023-43814 | Exposure of poll options and votes to unauthorized users in Discourse | discourse | discourse | Low | 3.7 | 2023-10-16 21:09:17 |
| CVE-2023-43659 | Cross-site Scripting via email preview when CSP disabled in Discourse | discourse | discourse | High | 8.0 | 2023-10-16 21:05:32 |