Vulnerabilities in discourse
279 results

CVE-2026-33423 | LOW | Discourse staff can modify any user's group notification level | EPSS 0.2%
CVE-2026-28219 | LOW | Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners | EPSS 0.2%
CVE-2025-24808 | MEDIUM | Discourse has race condition when adding users to a group DM | EPSS 0.2%
CVE-2026-33291 | MEDIUM | Discourse user can create Zendesk tickets even when it does not have access to topic | EPSS 0.2%
CVE-2025-67723 | MEDIUM | Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin | EPSS 0.2%
CVE-2026-32113 | MEDIUM | Discourse: Open redirect via `sso_destination_url` cookie in `enter` | EPSS 0.2%
CVE-2026-44785 | MEDIUM | Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts | EPSS 0.2%
CVE-2026-44782 | MEDIUM | Discourse: GroupPostSerializer leaks hidden full names through reaction post association | EPSS 0.2%
CVE-2025-58054 | LOW | Discourse is vulnerable to XSS when quoting chat messages | EPSS 0.2%
CVE-2026-44780 | MEDIUM | Discourse: Category queue reviewers can read raw incoming emails from queued posts | EPSS 0.2%
CVE-2026-33415 | MEDIUM | Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure | EPSS 0.2%
CVE-2025-54411 | LOW | Discourse welcome banner user name XSS | EPSS 0.2%
CVE-2026-27166 | MEDIUM | Discourse vulnerable to HTML injection via prohibited iframe URLs | EPSS 0.2%
CVE-2026-33185 | MEDIUM | Discourse: Group SMTP test endpoint susceptible to SSRF | EPSS 0.2%
CVE-2026-31869 | MEDIUM | Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check | EPSS 0.2%
CVE-2026-33073 | LOW | discourse-subscriptions plugin leaking stripe API key in multisite environment | EPSS 0.2%
CVE-2025-66488 | MEDIUM | Discourse allows script execution in uploaded HTML/XML files on S3 | EPSS 0.2%
CVE-2026-33074 | MEDIUM | Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions | EPSS 0.2%
CVE-2025-68479 | HIGH | Discourse subscriptions are susceptible to takeover | EPSS 0.2%
CVE-2026-32243 | MEDIUM | Discourse: Stored XSS in discourse-ai shared conversations onebox | EPSS 0.2%