discourse

Top products

The 15 most recently published vulnerabilities affecting discourse.

• CVE-2026-47264Discourse: Don't leak restricted tag group names via tag info5.3Jun 12, 2026
• CVE-2026-47263Discourse: Prevent webhook payload disclosure on event redelivery4.3Jun 12, 2026
• CVE-2026-45775Discourse: Cross-site backup access via path traversal in multisite local backups6.8Jun 12, 2026
• CVE-2026-45085Discourse: Chat misauthorization and information disclosure5.3Jun 12, 2026
• CVE-2026-44785Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts4.3Jun 12, 2026
• CVE-2026-44784Discourse: Non-staff group owners can see email password in plaintext through group history6.5Jun 12, 2026
• CVE-2026-44783Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts5.4Jun 12, 2026
• CVE-2026-44782Discourse: GroupPostSerializer leaks hidden full names through reaction post association4.3Jun 12, 2026
• CVE-2026-44780Discourse: Category queue reviewers can read raw incoming emails from queued posts4.3Jun 12, 2026
• CVE-2026-44779Discourse: Bot debug endpoints disclose whisper translation audit logs4.3Jun 12, 2026
• CVE-2026-44786Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users7.5Jun 12, 2026
• CVE-2026-34154Discourse has a subscription access bypass in its discourse-subscriptions plugin5.3May 19, 2026
• CVE-2026-33514Discourse: Information Disclosure in Form Template API Due to Missing Authorization4.3May 19, 2026
• CVE-2026-32244Discourse: Cached outdated summaries can leak removed content5.3May 19, 2026
• CVE-2026-34947Discourse: Staged user custom fields are exposed on public invite pages5.3Apr 3, 2026