|
561
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper …
|
CWE-200
Information Exposure
|
CVE-2026-44785
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
7.5 |
HIGH
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public c…
|
CWE-200
Information Exposure
|
CVE-2026-44786
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish c…
|
CWE-200
Information Exposure
|
CVE-2026-47263
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/discl…
|
CWE-200
CWE-862
Information Exposure
Missing Authorization
|
CVE-2026-45085
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnera…
|
CWE-22
Path Traversal
|
CVE-2026-45775
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#ta…
|
CWE-200
Information Exposure
|
CVE-2026-47264
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel wh…
|
CWE-200
Information Exposure
|
CVE-2026-3433
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allo…
|
CWE-200
Information Exposure
|
CVE-2026-6046
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creati…
|
CWE-862
Missing Authorization
|
CVE-2026-6689
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows aut…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6739
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
