David Battersby

CVE-2026-32618 WRITEUP MEDIUM WRITEUP

Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

CVSS 4.3

View Code

CVE-2023-49098 WRITEUP LOW WRITEUP

Discourse-reactions - Info Disclosure

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CVSS 3.5

View Code