CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•4 views

CVE-2026-34754

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...

4.3CVSS5.3AI score0.00028EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-34970

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

5.3CVSS5.3AI score0.00015EPSS

RedhatCVE•added yesterday•2 views

CVE-2026-34463

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.3AI score0.00017EPSS

RedhatCVE•added yesterday•2 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.4AI score0.00057EPSS

NVD•added 2026/05/28 9:16 p.m.•6 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS0.00049EPSS

CVE•added 2026/05/28 8:29 p.m.•13 views

CVE-2026-42071

Summary: CVE-2026-42071 affects MantisBT, specifically versions 2.23.0 through 2.28.1, where a missing authorization check in the file visibility function allows any authenticated user (REPORTER+) to download attachments from private bugnotes via REST API GET /api/rest/issues/{id}/files and SOAP ...

7.2CVSS5.8AI score0.00046EPSS

EUVD•added 2026/05/28 8:29 p.m.•8 views

EUVD-2026-33027

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.00046EPSS

ATTACKERKB•added 2026/05/28 8:27 p.m.•7 views

CVE-2026-44655

8.6CVSS5.8AI score0.00057EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/28 8:27 p.m.•8 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

8.6CVSS5.8AI score0.00057EPSS

Exploits0References2

Cvelist•added 2026/05/28 8:26 p.m.•23 views

CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field

5.3CVSS0.00049EPSS

EUVD•added 2026/05/28 8:26 p.m.•6 views

EUVD-2026-33024

5.3CVSS5.9AI score0.00049EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00054EPSS

EUVD•added 2026/05/22 7:39 p.m.•7 views

EUVD-2026-31495

7.5CVSS5.9AI score0.00054EPSS

CVE•added 2026/05/22 7:32 p.m.•25 views

CVE-2026-40598

CVE-2026-40598 affects MantisBT (Mantis Bug Tracker). In versions 2.28.1 and earlier, improper escaping of the redirection page (constructed from the Referer header) allows an attacker to inject HTML, which can lead to cross-site scripting (XSS) in certain server configurations where the cache is...

6.9CVSS5.3AI score0.00059EPSS

Cvelist•added 2026/05/22 7:32 p.m.•6 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

6.9CVSS0.00059EPSS

CVE•added 2026/05/22 7:29 p.m.•33 views

CVE-2026-40597

CVE-2026-40597 affects MantisBT 2.28.1 and earlier. A pre‑existing XSS/HTML injection vulnerability can be chained with a crafted attachment uploaded to an issue; when downloaded via file_download.php, the attachment can be served with a valid JavaScript MIME type, bypassing CSP script-src and ex...

7.6CVSS5.7AI score0.00071EPSS

EUVD•added 2026/05/22 7:29 p.m.•11 views

EUVD-2026-31496

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS5.7AI score0.00071EPSS

Cvelist•added 2026/05/22 7:25 p.m.•6 views

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS0.00056EPSS

EUVD•added 2026/05/22 7:25 p.m.•6 views

EUVD-2026-31492

7.2CVSS5.9AI score0.00056EPSS