451
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-53851
|
2025-02-5 07:15 |
2025-02-5 |
|
|
452
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2024-53266
|
2025-02-5 07:15 |
2025-02-5 |
|
|
453
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example…
|
CWE-346
Origin Validation Error
|
CVE-2025-23023
|
2025-02-5 06:15 |
2025-02-5 |
|
|
454
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder HTML eleme…
|
CWE-79
Cross-site Scripting
|
CVE-2025-22602
|
2025-02-5 06:15 |
2025-02-5 |
|
|
455
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `act…
|
CWE-22
Path Traversal
|
CVE-2025-22601
|
2025-02-5 06:15 |
2025-02-5 |
|
|
456
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox URL. This issue only affects sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56328
|
2025-02-5 06:15 |
2025-02-5 |
|
|
457
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of…
|
CWE-200
Information Exposure
|
CVE-2024-56197
|
2025-02-5 06:15 |
2025-02-5 |
|
|
458
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response…
|
CWE-346
Origin Validation Error
|
CVE-2024-55948
|
2025-02-5 06:15 |
2025-02-5 |
|
|
459
|
2.7 |
LOW
Network
|
-
|
-
|
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This inform…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-45658
|
2025-02-5 06:15 |
2025-02-5 |
|
|
460
|
5.0 |
MEDIUM
Local
|
-
|
-
|
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-45657
|
2025-02-5 06:15 |
2025-02-5 |
|
|