Vulnerabilities in discourse
279 results

CVE-2024-53991 | HIGH | Potential Backup file leaked via Nginx in Discourse | EPSS 25.4%
CVE-2021-41163 | CRITICAL | RCE via malicious SNS subscription payload | EPSS 19.8%
CVE-2026-28227 | LOW | Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category | EPSS 3.1%
CVE-2021-43840 | MEDIUM | Path traversal in message_bus | EPSS 1.9%
CVE-2023-45131 | HIGH | Unauthenticated access to new private chat messages in Discourse | EPSS 1.8%
CVE-2021-41082 | HIGH | Private message title and participating users leaked in discourse | EPSS 1.7%
CVE-2024-47773 | HIGH | Anonymous cache poisoning via XHR requests in Discourse | EPSS 1.6%
CVE-2022-36066 | CRITICAL | Discourse vulnerable to RCE via admins uploading maliciously zipped file | EPSS 1.6%
CVE-2022-21677 | MEDIUM | Group advanced search option may leak group and group's members visibility | EPSS 1.2%
CVE-2022-23641 | MEDIUM | Denial of Service in Discourse | EPSS 1.1%
CVE-2022-46162 | HIGH | Discourse BBCode plugin vulnerable to arbitrary CSS injection | EPSS 1.1%
CVE-2021-43794 | MEDIUM | Anonymous user cache poisoning via development-mode header in Discourse | EPSS 1.0%
CVE-2023-45806 | MEDIUM | Discourse vulnerable to DoS via Regexp Injection in Full Name | EPSS 1.0%
CVE-2022-31060 | MEDIUM | Banner topic data is exposed on login-required Discourse sites | EPSS 1.0%
CVE-2023-47120 | HIGH | Discourse DoS through Onebox favicon URL | EPSS 1.0%
CVE-2022-21684 | MEDIUM | User can bypass approval when invited to Discourse | EPSS 1.0%
CVE-2022-39232 | MEDIUM | Discourse vulnerable to incomplete quote causing a topic to crash in the browser | EPSS 1.0%
CVE-2022-24824 | MEDIUM | Anonymous user cache poisoning in discourse | EPSS 0.9%
CVE-2023-47119 | MEDIUM | HTML injection in oneboxed links | EPSS 0.9%
CVE-2021-41271 | MEDIUM | Cache poisoning via maliciously-formed request in discourse | EPSS 0.9%