
discourse — Vulnerabilities & Security Advisories 234

All 234 CVE vulnerabilities found in discourse, with AI-generated Chinese analysis, references, and POCs.

Vendor: discourse

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-36122 | Discourse doesn't limit reviewable user serializer payload | CWE-200 | 2.4 | Low | 2024-07-03 |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators | CWE-862 | 4.9 | Medium | 2024-07-03 |
| CVE-2024-35234 | Discourse vulnerable to stored DOM XSS via Facebook Oneboxes | CWE-79 | 4.2 | Medium | 2024-07-03 |
| CVE-2024-35227 | Discourse vulnerable to DoS through Onebox | CWE-20 | 7.5 | High | 2024-07-03 |
| CVE-2024-27085 | Denial of service through invites in Discourse | CWE-400 | 6.5 | Medium | 2024-03-15 |
| CVE-2024-27100 | Denial of service via Staff Actions in Discourse | CWE-400 | 6.5 | Medium | 2024-03-15 |
| CVE-2024-28242 | Disclosure of the existence of secret categories with custom backgrounds in Discourse | CWE-200 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-24748 | Disclosure of the existence of secret subcategories in Discourse | CWE-200 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-24827 | No rate limits on POST /uploads endpoint in Discourse | CWE-400 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-23834 | Discourse improperly sanitized user input leads to XSS | CWE-79 | 6.3 | Medium | 2024-01-30 |
| CVE-2023-49099 | Discourse secure uploads accessible to guests even when login is required | CWE-284 | 3.1 | Low | 2024-01-12 |
| CVE-2024-21655 | Insufficient control of custom field value sizes | CWE-400 | 4.3 | Medium | 2024-01-12 |
| CVE-2023-48297 | Discourse vulnerable to unlimited mentioned users in message serializer | CWE-400 | 8.6 | High | 2024-01-12 |
| CVE-2023-47121 | Discourse SSRF vulnerability in Embedding | CWE-918 | 3.4 | Low | 2023-11-10 |
| CVE-2023-47120 | Discourse DoS through Onebox favicon URL | CWE-770 | 7.5 | High | 2023-11-10 |
| CVE-2023-47119 | HTML injection in oneboxed links | CWE-74 | 5.3 | Medium | 2023-11-10 |
| CVE-2023-46130 | Bypassing height value allowed in some theme components | CWE-770 | 4.3 | Medium | 2023-11-10 |
| CVE-2023-45816 | Unread bookmark reminder notifications that the user cannot access can be seen | CWE-200 | 3.3 | Low | 2023-11-10 |
| CVE-2023-45806 | Discourse vulnerable to DoS via Regexp Injection in Full Name | CWE-1333 | 4.3 | Medium | 2023-11-10 |
| CVE-2023-45131 | Unauthenticated access to new private chat messages in Discourse | CWE-200 | 7.5 | High | 2023-10-16 |
| CVE-2023-44391 | Prevent unauthorized access to summary details in Discourse | CWE-200 | 5.3 | Medium | 2023-10-16 |
| CVE-2023-44388 | Malicious requests can fill up the log files resulting in a denial of service in Discourse | CWE-400 | 7.5 | High | 2023-10-16 |
| CVE-2023-43814 | Exposure of poll options and votes to unauthorized users in Discourse | CWE-200 | 3.7 | Low | 2023-10-16 |
| CVE-2023-43659 | Cross-site Scripting via email preview when CSP disabled in Discourse | CWE-79 | 8.0 | High | 2023-10-16 |
| CVE-2023-45147 | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | CWE-200 | 4.9 | Medium | 2023-10-16 |
| CVE-2023-41043 | Discourse DoS via SvgSprite cache | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-41042 | Discourse DoS via remote theme assets | CWE-770 | 4.9 | Medium | 2023-09-15 |
| CVE-2023-40588 | Discourse DoS via 2FA and Security Key Names | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-38706 | Discourse vulnerable to DoS via drafts | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-38685 | Discourse's restricted tag information visible to unauthenticated users | CWE-200 | 4.3 | Medium | 2023-07-28 |
