Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / discourse

discourse

274 tracked vulnerabilities.

CVE-2025-24972 MEDIUM

Discourse <3.3.4, <3.4.0.beta5 - Info Disclosure

CVE-2025-24808 MEDIUM

Discourse < 3.3.4 and < 3.4.0.beta5 - Race Condition in Group DM User Addition

CVE-2025-23023 HIGH

Discourse < 3.3.2 - Cache Poisoning via Anonymous Cache Header Manipulation

CVE-2025-22602 MEDIUM

Discourse - Stored Cross-Site Scripting via Video Placeholder HTML Element

CVE-2025-22601 LOW

Discourse < 3.4.0 - Path Traversal via Activate-Account Route

CVE-2024-53994 MEDIUM

Discourse - Improper Preservation of Permissions in Chat Preferences

CVE-2024-53851 MEDIUM

Discourse < 3.3.3 and < 3.4.0 - Authenticated Denial of Service via Inline Onebox URL Endpoint

CVE-2024-53266 MEDIUM

Discourse - Cross-Site Scripting in User Profile Activity Streams

CVE-2024-56328 MEDIUM

Discourse - Stored Cross-Site Scripting via Malicious Onebox URL

CVE-2024-56197 LOW

Discourse - Unauthorized Exposure of PM Titles and Metadata via PM Tags Feature

CVE-2024-55948 HIGH

Discourse < 3.3.2 - Cache Poisoning via Anonymous XHR Request

CVE-2024-54142 CRITICAL

discourse-ai - Cross-Site Scripting via Shared Bot Conversation HTML Entities

CVE-2024-53991 HIGH NUCLEI

Discourse - Unauthorized Backup File Access via Nginx Request Manipulation

CVE-2024-52794 MEDIUM

Discourse - Cross-Site Scripting via Lightbox Thumbnail Click

CVE-2024-52589 LOW

Discourse - Unauthorized Exposure of User Email via Moderator Dashboard

CVE-2024-49765 MEDIUM

Discourse - Unauthorized Account Creation via Discourse Connect Bypass

CVE-2024-47773 HIGH

Discourse < 3.3.2 - Unauthenticated Cache Poisoning via XHR Requests

CVE-2024-47772 MEDIUM

Discourse < 3.3.2 and < 3.4.0 - Stored Cross-Site Scripting via Chat Message Reply

CVE-2024-45297 MEDIUM

Discourse < 3.3.2 and < 3.4.0 - Improper Privilege Management

CVE-2024-45051 HIGH

Discourse < 3.3.2 and < 3.4.0 - Improper Authentication via Maliciously Crafted Email Address

CVE-2024-43789 HIGH

Discourse < 3.3.1 and < 3.4.0 - Denial of Service via Excessive Post Replies

CVE-2024-45303 MEDIUM

Discourse Calendar < 0.5 - Cross-Site Scripting in Event Name Rendering

CVE-2024-21658 MEDIUM

discourse_calendar < 2024-08-28 - Denial of Service via Excessive Region Value Length

CVE-2024-43408 MEDIUM

discourse-placeholder-theme-component - Stored Cross-Site Scripting via Unsanitized User Input

CVE-2024-39320 MEDIUM

Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass

Previous Page 5 of 11 Next

Products

discourse 241 calendar 4 discourse-chat 3 discourse_calendar 3 discourse_reactions 2 WP Discourse 1 ai 1 assign 1 discotoc 1 discourse-ai 1 discourse-code-review 1 discourse-encrypt 1 discourse-placeholder-theme-component 1 discourse-policy 1 discourse-reactions 1 discourse_bbcode 1 discourse_footnote 1 discourse_jira 1 discourse_yearly_review 1 group_membership_ip_blocks 1 mermaid 1 message_bus 1 microsoft_authentication 1 patreon 1 rails_multisite 1 reactions 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy