|
3201
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not…
|
CWE-200
Information Exposure
|
CVE-2026-44784
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3202
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper …
|
CWE-200
Information Exposure
|
CVE-2026-44785
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3203
|
7.5 |
HIGH
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public c…
|
CWE-200
Information Exposure
|
CVE-2026-44786
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3204
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish c…
|
CWE-200
Information Exposure
|
CVE-2026-47263
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3205
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/discl…
|
CWE-200 CWE-862
Information Exposure Missing Authorization
|
CVE-2026-45085
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3206
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnera…
|
CWE-22
Path Traversal
|
CVE-2026-45775
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3207
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#ta…
|
CWE-200
Information Exposure
|
CVE-2026-47264
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3208
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel wh…
|
CWE-200
Information Exposure
|
CVE-2026-3433
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3209
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allo…
|
CWE-200
Information Exposure
|
CVE-2026-6046
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3210
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creati…
|
CWE-862
Missing Authorization
|
CVE-2026-6689
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|