Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1034926 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/28 8:29 p.m.7 views

CVE-2026-42071

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.00046EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 8:28 p.m.5 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00043EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/28 8:28 p.m.8 views

EUVD-2026-33026

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:27 p.m.8 views

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00057EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/28 8:27 p.m.8 views

EUVD-2026-33025

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00057EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/28 8:27 p.m.9 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS5.8AI score0.00057EPSS
Exploits0References2
CVE
CVEadded 2026/05/28 8:26 p.m.15 views

CVE-2026-41897

CVE-2026-41897 affects MantisBT (Mantis Bug Tracker) from versions 1.0.0 through 2.28.1. The root cause is lack of validation of the filter_target parameter in return_dynamic_filters.php, used for AJAX on the View Issues page, which allows an attacker to inject arbitrary HTML when the target is a...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/28 8:26 p.m.6 views

CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:26 p.m.8 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/28 8:26 p.m.7 views

EUVD-2026-33024

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/28 8:26 p.m.24 views

CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS0.00049EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:25 p.m.5 views

CVE-2026-44657

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00072EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/28 8:25 p.m.23 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS0.00072EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/28 8:25 p.m.7 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00072EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/28 8:25 p.m.9 views

EUVD-2026-33023

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00072EPSS
Exploits0References4
CVE
CVEadded 2026/05/28 8:25 p.m.13 views

CVE-2026-44657

CVE-2026-44657 – MantisBT : Before version 2.28.2, an attacker can execute code by exploiting a stored XSS vector in file_download.php. When the request uses show_inline=1 together with a valid file_show_inline CSRF token and the uploader references a crafted XHTML attachment that points to a Jav...

7.5CVSS6AI score0.00072EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/28 8:20 p.m.9 views

CVE-2026-9126

An use after free flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496280532...

8.8CVSS5.7AI score0.0003EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/05/28 8:13 p.m.8 views

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS5.8AI score0.00034EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 6:28 p.m.6 views

EUVD-2026-32989

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user and can result in kernel panic or deadlock...

5.5CVSS5.8AI score0.00013EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/28 6:28 p.m.36 views

CVE-2026-47332 Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

5.5CVSS0.00014EPSS
Exploits0References1
Rows per page
Query Builder