Discourse Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by discourse
| Title | CVE | Vendor | Product | CVSS | Severity |
|---|---|---|---|---|---|
| XSRF Vulnerability in Discourse Community Forum Software | CVE-2024-55948 | Discourse | Discourse | 8.2 | HIGH |
| Cache Poisoning Vulnerability in Discourse by Discourse | CVE-2025-23023 | Discourse | Discourse | 8.2 | HIGH |
| HTML Entity Exposure in Discourse AI Plugin by Discourse | CVE-2024-54142 | Discourse | Discourse-ai | 9.1 | CRITICAL |
| Anonymous Cache Poisoning Vulnerability in Discourse Affects Only Anonymous Visitors | CVE-2024-47773 | Discourse | Discourse | 8.2 | HIGH |
| Attackers Can Bypass Domain-Based Restrictions in Discourse Due to Recent Vulnerability | CVE-2024-45051 | Discourse | Discourse | 8.2 | HIGH |
| Discourse vulnerability affects very long tag group names | CVE-2024-37299 | Discourse | Discourse | 7.5 | HIGH |
| Carefully crafted malicious URL can reduce Discourse instance availability | CVE-2024-35227 | Discourse | Discourse | 7.5 | HIGH |
| Admin-Initiated SSRF Attacks Vulnerability in Discourse-AI Plugin | CVE-2024-23654 | discourse | discourse-ai | 7.2 | HIGH |
| Discourse Plugin Vulnerability Affects Microsoft Authentication | CVE-2023-46241 | Discourse | Discourse-microsoft-auth | 8.1 | HIGH |
| Discourse vulnerable to unlimited mentioned users in message serializer | CVE-2023-48297 | discourse | discourse | 7.5 | HIGH |
| Discourse SSRF vulnerability in Embedding | CVE-2023-47121 | discourse | discourse | 9.8 | CRITICAL |
| Discourse DoS through Onebox favicon URL | CVE-2023-47120 | Discourse | Discourse | 7.5 | HIGH |
| Improper escaping of user input in discourse-calendar | CVE-2023-43658 | Discourse | Discourse-calendar | 8 | HIGH |
| Unauthenticated access to new private chat messages in Discourse | CVE-2023-45131 | Discourse | Discourse | 7.5 | HIGH |
| Malicious requests can fill up the log files resulting in a denial of service in Discourse | CVE-2023-44388 | Discourse | Discourse | 7.5 | HIGH |
| Cross-site Scripting via email preview when CSP disabled in Discourse | CVE-2023-43659 | Discourse | Discourse | 8 | HIGH |
| Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration | CVE-2023-43657 | Discourse | Discourse-encrypt | 7.2 | HIGH |
| Discourse's SSRF protection missing for some FastImage requests | CVE-2023-28112 | discourse | discourse | 8.1 | HIGH |
| Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | CVE-2023-28111 | discourse | discourse | 7.5 | HIGH |
| Discourse vulnerable to ReDoS in user agent parsing | CVE-2023-23621 | discourse | discourse | 7.5 | HIGH |
| Discourse password reset link can lead to account takeover if user changes to a new email | CVE-2022-46177 | discourse | discourse | 8.1 | HIGH |
| Discourse BBCode plugin vulnerable to arbitrary CSS injection | CVE-2022-46162 | Discourse | Discourse-bbcode | 8.8 | HIGH |
| Discourse allows self-XSS through malicious composer message | CVE-2022-46148 | Discourse | Discourse | 7.1 | HIGH |
| Possible Server-Side Request Forgery (SSRF) in webhooks | CVE-2022-39241 | Discourse | Discourse | 7.6 | HIGH |
| Discourse user account takeover via email and invite link | CVE-2022-39356 | Discourse | Discourse | 8.9 | HIGH |