CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-34744

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...

5.3CVSS5.3AI score0.00014EPSS

NVD•added 2026/05/20 12:16 a.m.•7 views

CVE-2026-34754

4.3CVSS0.00028EPSS

CNNVD•added 2026/05/20 12:0 a.m.•4 views

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a vulnerability related to information leakage. This vulnerability stemmed from allowing incorrect annotators to access the revised pages of...

5.3CVSS5.8AI score0.00015EPSS

CNNVD•added 2026/05/20 12:0 a.m.•5 views

Mantis Bug Tracker（MantisBT）访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained an access control vulnerability. This vulnerability stemmed from allowing authenticated users to upload attachments to private issues that they did n...

4.3CVSS5.8AI score0.00028EPSS

NVD•added 2026/05/19 11:16 p.m.•7 views

CVE-2026-34744

5.3CVSS0.00014EPSS

EUVD•added 2026/05/19 11:5 p.m.•6 views

EUVD-2026-31003

Vulnrichment•added 2026/05/19 11:5 p.m.•4 views

CVE-2026-34754 MantisBT allows unauthorized users to upload attachments to restricted issues via REST API

ATTACKERKB•added 2026/05/19 11:5 p.m.•6 views

CVE-2026-34754

Exploits0References4Affected Software1

CVE•added 2026/05/19 11:5 p.m.•10 views

CVE-2026-34754

MantisBT (Mantis Bug Tracker) REST API allows an authenticated user to upload attachments to private issues they are not authorized to access. Affected: version 2.28.1 and earlier; root cause: unauthorized attachment upload via REST API. Impact: potential access/obstruction on private issues due ...

EUVD•added 2026/05/19 10:45 p.m.•5 views

EUVD-2026-31004

Vulnrichment•added 2026/05/19 10:45 p.m.•5 views

CVE-2026-34744 MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues

CVE•added 2026/05/19 10:45 p.m.•9 views

CVE-2026-34744

Vulnerability summary (CVE-2026-34744) MantisBT (Mantis Bug Tracker) prior to version 2.28.2 is affected by an authorization bypass where a user can list and download their own attachments from an issue created by another user after the issue becomes private, bypassing read access revocation. The...

Cvelist•added 2026/05/19 10:45 p.m.•25 views

CVE-2026-34744 MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues

5.3CVSS0.00014EPSS

ATTACKERKB•added 2026/05/19 10:6 p.m.•7 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

Exploits0References4Affected Software1

CVE•added 2026/05/19 10:6 p.m.•9 views

CVE-2026-34579

CVE-2026-34579 affects MantisBT up to version 2.28.1, where a crafted POST to bug_monitor_add.php allows a project‑level user to add themselves as a monitor to a private issue they cannot access. The request is accepted after an Access Denied is shown, creating a monitor relationship that trigger...