Discourse Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by discourse
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
XSRF Vulnerability in Discourse Community Forum Software
CVE-2024-55948DiscourseDiscourse8.2HIGHCache Poisoning Vulnerability in Discourse by Discourse
CVE-2025-23023DiscourseDiscourse8.2HIGHHTML Entity Exposure in Discourse AI Plugin by Discourse
CVE-2024-54142DiscourseDiscourse-ai9.1CRITICALAnonymous Cache Poisoning Vulnerability in Discourse Affects Only Anonymous Visitors
CVE-2024-47773DiscourseDiscourse8.2HIGHAttackers Can Bypass Domain-Based Restrictions in Discourse Due to Recent Vulnerability
CVE-2024-45051DiscourseDiscourse8.2HIGHDiscourse vulnerability affects very long tag group names
CVE-2024-37299DiscourseDiscourse7.5HIGHCarefully crafted malicious URL can reduce Discourse instance availability
CVE-2024-35227DiscourseDiscourse7.5HIGHDiscourse Plugin Vulnerability Affects Microsoft Authentication
CVE-2023-46241DiscourseDiscourse-microsoft-auth8.1HIGHDiscourse vulnerable to unlimited mentioned users in message serializer
CVE-2023-48297discoursediscourse7.5HIGHDiscourse DoS through Onebox favicon URL
CVE-2023-47120DiscourseDiscourse7.5HIGHCross-site Scripting via email preview when CSP disabled in Discourse
CVE-2023-43659DiscourseDiscourse8HIGHUnauthenticated access to new private chat messages in Discourse
CVE-2023-45131DiscourseDiscourse7.5HIGHMalicious requests can fill up the log files resulting in a deinal of service in Discourse
CVE-2023-44388DiscourseDiscourse7.5HIGHImproper escaping of user input in discourse-calendar
CVE-2023-43658DiscourseDiscourse-calendar8HIGHImproper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
CVE-2023-43657DiscourseDiscourse-encrypt7.2HIGHDiscourse vulnerable to ReDoS in user agent parsing
CVE-2023-23621DiscourseDiscourse8.6HIGHDiscourse vulnerable to Cross-site Scripting in local oneboxes
CVE-2023-22468DiscourseDiscourse8.8HIGHDiscourse vulnerable to Cross-site Scripting through pending post titles descriptions
CVE-2023-22454DiscourseDiscourse8HIGHDiscourse BBCode plugin vulnerable to arbitrary CSS injection
CVE-2022-46162DiscourseDiscourse-bbcode8.8HIGHDiscourse allows self-XSS through malicious composer message
CVE-2022-46148DiscourseDiscourse7.1HIGHDiscourse user account takeover via email and invite link
CVE-2022-39356DiscourseDiscourse8.9HIGHPossible Server-Side Request Forgery (SSRF) in webhooks
CVE-2022-39241DiscourseDiscourse7.6HIGHDiscourse Patreon vulnerable to improper validation of email during Patreon authentication
CVE-2022-39355DiscourseDiscourse-patreon9.1CRITICALDiscourse moderators can edit themes via the API
CVE-2022-36068DiscourseDiscourse7.2HIGHDiscourse vulnerable to RCE via admins uploading maliciously zipped file
CVE-2022-36066DiscourseDiscourse9.1CRITICAL