Vulnerabilities in discourse

279 results
Vexday analysis

With 278 catalogued CVEs and no confirmed entry in CISA's KEV catalog, Discourse shows an active-exploitation rate below the overall average of the catalog, which suggests lower immediate threat pressure compared with the typical universe of monitored products. Even so, 31 vulnerabilities have appeared in the last 90 days, indicating a significant pace of recent discoveries that demands continuous monitoring. The most prevalent weakness is CWE-200 (exposure of sensitive information), a pattern that tends to surface in communication platforms and can facilitate reconnaissance by attackers. The most dangerous currently active CVE is CVE-2024-53991, with an EPSS score of 0.2543 (the highest observed in the set), and of the five critical vulnerabilities catalogued, four already have a public proof of concept, which raises the exploitation risk for teams that have not yet applied the corresponding fixes.

CVE | Severity | Title | EPSS
CVE-2026-26979 | NONE | Discourse: TL4 users are able to change status of restricted topics | 0.2%
CVE-2026-32273 | MEDIUM | Discourse: XSS on category description update via API | 0.2%
CVE-2026-32607 | LOW | Discourse: Stored XSS via unescaped assignee name | 0.2%
CVE-2026-27154 | LOW | Discourse has XSS when editing a malicious post | 0.2%
CVE-2025-69289 | MEDIUM | Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change | 0.2%
CVE-2026-33426 | LOW | Discourse users can edit or synonymize hidden tags they can't see | 0.2%
CVE-2026-32619 | MEDIUM | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | 0.2%
CVE-2026-27153 | LOW | Discourse doesn't prevent moderators from exporting user Chat DMs | 0.2%
CVE-2026-27152 | LOW | Discourse has DM communication-preference bypass when adding members | 0.2%
CVE-2026-33410 | MEDIUM | Discourse hardens chat DM channel creation and expansion | 0.2%
CVE-2026-33251 | MEDIUM | Discourse has a Hidden Solved topics permission bypass | 0.2%
CVE-2026-27151 | LOW | Discourse doesn't validate destination topic when moving posts | 0.2%
CVE-2026-32615 | MEDIUM | Discourse: Category group moderators can perform actions on topics in restricted categories without read access | 0.2%
CVE-2026-27150 | LOW | Discourse doesn't ensure guardian check when creating QueryGroupBookmark | 0.2%
CVE-2026-26973 | MEDIUM | Discourse doesn't scope reviewable notes to user-visible reviewables | 0.2%
CVE-2026-28218 | MEDIUM | Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution | 0.2%
CVE-2026-26207 | MEDIUM | Discourse's discourse-policy plugin lacks post access check | 0.2%
CVE-2026-44783 | MEDIUM | Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts | 0.1%
CVE-2025-68933 | MEDIUM | Discourse non-admin moderators can exfiltrate private content via post ownership transfer | 0.1%