23 matches found
CVE-2024-34077
MantisBT Mantis Bug Tracker is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible whi...
EUVD-2024-1549
Malicious code in bioql PyPI...
EUVD-2024-1832
Malicious code in bioql PyPI...
CVE-2024-38524
GeoServer/GeoWebCacheDispatcher.handleFrontPage has no check to hide sensitive information, exposing storage locations, config file paths, and temporarily server-start-time via the GeoWebCache home page. Affected component is org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletReques...
CVE-2024-34081
MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2024-26080)
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operable format. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.26.2, which stems from the...
MantisBT Security Vulnerability
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operable format. A security vulnerability exists in MantisBT versions prior to 2.26.2, which stems from an issue that exposes sensitive...
MantisBT Security Vulnerability
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operable format. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.26.2, which stems from the...
CVE-2024-34081 MantisBT Cross-site Scripting vulnerability
MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...
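The CVE-2024-34081 entries above describe one bug class: a custom field's name reaching the page markup without HTML escaping, with the injected HTML only escalating to script execution when the site's CSP permits inline script. The following is an added example and not MantisBT's own code (MantisBT is PHP; this reproduces the pattern in JavaScript). The `renderField*` functions, the `cspAllowsInlineScript` helper, the field object and the policy strings are all constructed for the illustration.

```javascript
// Added example, not MantisBT's own code (MantisBT is PHP; this is the same
// bug class in JavaScript): a custom field name that is written into the
// status-change page without HTML escaping, beside the escaped version, and a
// check of whether a Content-Security-Policy would let injected inline
// script run. All field names and policy strings below are constructed.

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the field name (set by whoever manages the project's
// custom fields) lands in the markup verbatim.
function renderFieldVulnerable(field) {
  return `<label for="cf_${field.id}">${field.name}</label>`;
}

// Hardened rendering: every attacker-influenced value is escaped at output.
function renderFieldHardened(field) {
  return `<label for="cf_${escapeHtml(field.id)}">${escapeHtml(field.name)}</label>`;
}

// Parse a CSP header and report whether inline script (onerror handlers,
// <script> blocks) would execute. 'unsafe-inline' is ignored by browsers when
// the same directive also carries a nonce or hash source (CSP Level 2+).
function cspAllowsInlineScript(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = directives['script-src'] || directives['default-src'];
  if (!sources) return true; // nothing in the policy governs scripts
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed sample: a field name carrying an HTML injection payload.
const SAMPLE_FIELD = { id: 7, name: 'Severity<img src=x onerror="alert(1)">' };

module.exports = { escapeHtml, renderFieldVulnerable, renderFieldHardened, cspAllowsInlineScript, SAMPLE_FIELD };
```

The escaping belongs at the output point, not at field creation: a name that is safe in one context (a JSON API response) is not safe in another (an HTML attribute), and the CSP check is only a second layer, since a policy with `'unsafe-inline'` and no nonce or hash gives the injected `onerror` handler nothing to stop it.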
CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
MantisBT Mantis Bug Tracker is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
CVE-2024-34077 MantisBT user account takeover in the signup/reset password process
MantisBT Mantis Bug Tracker is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible whi...
PT-2024-25691
Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 2.26.2 Description The issue affects MantisBT, an open source issue tracker, where an issue referencing a note from another issue that the user does not have access to becomes hyperlinked. Although clicking the link...
PT-2024-25687 · Mantisbt · Mantisbt
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request...
VulnCheck KEV: CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
SUSE: Security Advisory (SUSE-SU-2020:1295-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:2591-1)
The remote host is missing an update for the ... Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2587)
This update for webkit2gtk3 to version 2.26.2 fixes the following issues: Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and WSA-2019-0006, bsc#1155321 bsc#1156318). Security issues addressed: - CVE-2019-8625: Fixed a logic issue whereby processing maliciously crafted web content may lead...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2591)
This update for webkit2gtk3 to version 2.26.2 fixes the following issues: Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and WSA-2019-0006, bsc#1155321 bsc#1156318). Security issues addressed: - CVE-2019-8625: Fixed a logic issue whereby processing maliciously crafted web content may lead...