CVE-2026-34970
- EPSS 0.37%
- Veröffentlicht 19.05.2026 23:17:59
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.
CVE-2026-34754
- EPSS 0.25%
- Veröffentlicht 19.05.2026 23:05:27
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.
CVE-2026-34744
- EPSS 0.36%
- Veröffentlicht 19.05.2026 22:45:35
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. T...
CVE-2026-34579
- EPSS 0.36%
- Veröffentlicht 19.05.2026 22:06:26
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bug_monitor_add.php, a user with project-le...
CVE-2026-34463
- EPSS 0.44%
- Veröffentlicht 19.05.2026 21:57:49
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends th...
CVE-2026-34390
- EPSS 0.43%
- Veröffentlicht 19.05.2026 21:54:26
- Zuletzt bearbeitet 20.05.2026 14:06:33
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having manage...
CVE-2026-33052
- EPSS 0.34%
- Veröffentlicht 19.05.2026 00:29:05
- Zuletzt bearbeitet 19.05.2026 15:04:09
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global profile despite not having manage_global_profile_th...
CVE-2026-33548
- EPSS 0.2%
- Veröffentlicht 23.03.2026 19:15:18
- Zuletzt bearbeitet 25.03.2026 13:55:15
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline (my_view_page.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of...
CVE-2026-33517
- EPSS 0.24%
- Veröffentlicht 23.03.2026 19:13:15
- Zuletzt bearbeitet 25.03.2026 13:58:07
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php), improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings perm...
CVE-2026-30849
- EPSS 0.41%
- Veröffentlicht 23.03.2026 19:10:34
- Zuletzt bearbeitet 25.03.2026 13:59:26
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password...