28676 matches found
CVE-2025-62520 MantisBT unauthorized disclosure of private project column configuration
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
CVE-2025-62520
CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...
Fuji Electric Monitouch V-SFT-6 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive...
Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude
In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...
Fuji Electric V-SFT-6 security vulnerability
Fuji Electric V-SFT-6 is operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that stems from a maliciously constructed project file that could result in a heap-based buffer overflow, potentially allowing an attacker to...
PT-2025-45050
Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description The software is susceptible to a stack-based buffer overflow when handling a specifically designed project file. Successful exploitation of this issue could allow an...
Fuji Electric V-SFT-6 security vulnerability
Fuji Electric V-SFT-6 is operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that originates from a stack buffer overflow when processing specially crafted project files, which could lead to the execution of arbitrary cod...
MantisBT authorization issue vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...
PT-2025-45049
Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, potentially allowing an attacker to execute arbitrary cod...
CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...
EUVD-2025-37521
MantisBT unauthorized disclosure of private project column configuration...
GHSA-G582-8VWR-68H2 MantisBT unauthorized disclosure of private project column configuration
Impact: Due to insufficient access-level checks, any non-admin user having access to manage_config_columns_page.php (typically project managers having MANAGER role) can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...
MantisBT unauthorized disclosure of private project column configuration
Impact: Due to insufficient access-level checks, any non-admin user having access to manage_config_columns_page.php (typically project managers having MANAGER role) can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...
CVE-2025-12623
A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Toke...
FairSketch Rise Ultimate Project Manager and CRM security vulnerability
FairSketch Rise Ultimate Project Manager and CRM is a team management and customer relationship management system from FairSketch. A security vulnerability exists in FairSketch Rise Ultimate Project Manager and CRM version 3.9.4, which stems from a lack of authorization checking in the ticket...
PT-2025-44805
Name of the Vulnerable Software and Affected Versions MantisBT versions 2.27.1 and below Description Mantis Bug Tracker (MantisBT) is an open source issue tracker. Insufficient access-level checks allow a non-admin user with access to the manage_config_columns_page.php page to retrieve the columns...
CVE-2025-63293
Product: FairSketch Rise Ultimate Project Manager & CRM 3.9.4. Vulnerability: Insecure Permissions in the ticketing/commenting API, allowing a remote authenticated user to append comments or upload attachments to tickets they should not view/edit due to missing authorization checks. Impact (per s...
CVE-2025-11677
creationtimestamp | type | source
---|---|---
2025-11-02 11:32:23+00:00 | seen | https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m4nftvzd3u2z
2025-11-10 20:37:37+00:00 | seen | https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m5ci27wgej2z
...