Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-47264

Discourse: Don’t leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-47263

Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 6.8 CVE-2026-45775

Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.3 CVE-2026-45085

Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.3 CVE-2026-45014

Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scriptin...

apostrophecms apostrophe <= 4.29.0 CVE
MEDIUM 4.3 CVE-2026-44785

Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 6.5 CVE-2026-44784

Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 5.4 CVE-2026-44783

Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-44782

Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.4 CVE
MEDIUM 4.3 CVE-2026-44780

Discourse: Category queue reviewers can read raw incoming emails from queued posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...

discourse discourse >= 2026.4.0-latest, < 2026.4.1 CVE