高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-33424 | 5.9 MEDIUM | PM access granted through invites after access revocation |
| CVE-2026-33411 | 5.4 MEDIUM | Discourse's solved topic stream has potential stored XSS in topic title |
| CVE-2026-33251 | 5.4 MEDIUM | Discourse has a Hidden Solved topics permission bypass |
| CVE-2026-31805 | 5.3 MEDIUM | Discourse has a poll authorization bypass via post_id array parameter |
| CVE-2026-33422 | 3.5 LOW | Discourse exposes ip_address of flagged user |
| CVE-2026-33426 | 3.5 LOW | Discourse users can edit or synonymize hidden tags they can't see |
| CVE-2026-30888 | 2.2 LOW | Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endp |
| CVE-2026-31869 | Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_na | |
| CVE-2026-30891 | Discourse hasUnauthorized Exposure of Private User Action Types | |
| CVE-2026-32114 | Discourse's unscoped status lookups leak restricted metadata | |
| CVE-2026-33291 | Discourse user can create Zendesk tickets even when it does not have access to topic | |
| CVE-2026-33423 | Discourse staff can modify any user's group notification level | |
| CVE-2026-33425 | Discourse has inferable private group membership or existence via exclude_groups parameter | |
| CVE-2026-33427 | Discourse Authorization Page Displays Unvalidated Redirect Domain | |
| CVE-2026-33428 | Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership |
まだコメントはありません