411
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the …
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-53994
|
2025-02-5 07:15 |
2025-02-5 |
|
|
412
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-53851
|
2025-02-5 07:15 |
2025-02-5 |
|
|
413
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2024-53266
|
2025-02-5 07:15 |
2025-02-5 |
|
|
414
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example…
|
CWE-346
Origin Validation Error
|
CVE-2025-23023
|
2025-02-5 06:15 |
2025-02-5 |
|
|
415
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder HTML eleme…
|
CWE-79
Cross-site Scripting
|
CVE-2025-22602
|
2025-02-5 06:15 |
2025-02-5 |
|
|
416
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `act…
|
CWE-22
Path Traversal
|
CVE-2025-22601
|
2025-02-5 06:15 |
2025-02-5 |
|
|
417
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox URL. This issue only affects sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56328
|
2025-02-5 06:15 |
2025-02-5 |
|
|
418
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of…
|
CWE-200
Information Exposure
|
CVE-2024-56197
|
2025-02-5 06:15 |
2025-02-5 |
|
|
419
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response…
|
CWE-346
Origin Validation Error
|
CVE-2024-55948
|
2025-02-5 06:15 |
2025-02-5 |
|
|
420
|
2.7 |
LOW
Network
|
-
|
-
|
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This inform…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-45658
|
2025-02-5 06:15 |
2025-02-5 |
|
|