3396 matches found
CVE-2026-44655
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API
Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...
CVE-2026-42071
Summary: CVE-2026-42071 affects MantisBT, specifically versions 2.23.0 through 2.28.1, where a missing authorization check in the file visibility function allows any authenticated user (REPORTER+) to download attachments from private bugnotes via REST API GET /api/rest/issues/{id}/files and SOAP ...
CVE-2026-42071
Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...
CVE-2026-44655
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-44655
Affected software: MantisBT (Mantis Bug Tracker). Vulnerable versions: 1.3.0–2.28.1. Component: Move Attachments admin page, where Unescaped Project Name can be set by users with manager/administrator access. Root cause: unescaped project name leads to HTML injection (stored XSS). Impact: stored ...
CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
EUVD-2026-33025
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-7651
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
CVE-2026-7651
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
Mantis Bug Tracker 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a cross-site scripting vulnerability. This vulnerability occurred when using the showinline=1 parameter and a valid CSRF token, allowing attackers to...
Mantis Bug Tracker(MantisBT) 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker from 1.3.0 to 2.28.1 contained a cross-site scripting vulnerability. This vulnerability occurred due to the lack of escaping of project names, allowing attackers with...
PT-2026-44204
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
CVE-2026-46426
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
EUVD-2026-32532
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...
Webmin 跨站脚本漏洞
Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a cross-site scripting vulnerability. This vulnerability occurred when viewing SVG document attachments in the mailboxes component,...
PT-2026-44031
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...
CVE-2026-4915
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service server process termination via a crafted webhook...
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...