32 matches found
CVE-2026-25198
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
web2py has an Open Redirect Vulnerability
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
CVE-2026-25198
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
CVE-2025-47776
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
CVE-2025-62520
CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...
CVE-2025-55155
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...
PT-2025-44808
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions 2.27.1 and below Description Mantis Bug Tracker is an open source issue tracker. A lack of server-side validation of note length allows attackers to permanently corrupt issue activity logs by submitting extremely lo...
PT-2025-45043
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions 2.27.1 and below Description Mantis Bug Tracker contains a flaw in its authentication code due to the use of loose comparison == instead of strict comparison ===. PHP type juggling can cause certain MD5 hashes...
MantisBT 安全漏洞
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from an unvalidated comment length...
CVE-2021-26843
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
CVE-2025-32161
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through = 2.27.1...
CVE-2025-32161
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through = 2.27.1...
CVE-2025-32161
CVE-2025-32161 describes a Stored XSS in Arkhe Blocks (WordPress plugin). The connected materials confirm the issue is an improper neutralization of input during web page generation, enabling cross-site scripting in Arkhe Blocks versions from n/a up to 2.27.1. The CVSS/metrics indicate a medium s...
CVE-2025-32161 WordPress Arkhe Blocks plugin <= 2.27.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through = 2.27.1...
WordPress plugin Arkhe Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6
CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6. A patched version of the package is available...