VYPR

Data Explorer plugin

by Discourse (software)

CVEs (2)

  • CVE-2026-28218Feb 26, 2026
    risk 0.00cvss epss 0.00

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries.…

  • CVE-2026-27150Feb 26, 2026
    risk 0.00cvss epss 0.00

    Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `QueryGroupBookmarkable` allows any logged-in user to create bookmarks for query groups they don't have access…