CVE-2026-40596

Summary (CVE-2026-40596): MantisBT versions 2.11.0–2.28.1 are vulnerable to cross-site scripting via an authenticated user updating their font-family preference. The XSS payload is reflected on every page; with a CSP bypass (GHSA-9c3j-xm6v-j7j3) this could enable account takeover. The issue is fi...

CVE-2026-40596

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

EUVD-2026-31492

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

CVE-2026-40596 MantisBT is vulnerable to XSS and potential account takeover via user font family preference update

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

CVE-2026-39966

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...

EUVD-2026-30674

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...

OESA-2026-2412 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2411 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2410 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2409 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVE-2026-3636 Sanitize team member data returned by API

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

RHSA-2026:7412 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:20334 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:20074 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

CLSA-2026-1779375889 kernel: Fix of 95 CVEs

perf/x86/intel/uncore: Fix die ID init and look up bugs CVE-2026-43344 - x86/apic: Disable x2apic on resume if the kernel expects so CVE-2026-43363 - drm/amdgpu: Fix use-after-free race in VM acquire CVE-2026-43370 - dm: remove fake timeout to avoid leak request CVE-2026-43314 - md/bitmap: fix...

Chromium: CVE-2026-9113 Out of bounds read in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

EUVD-2026-31388

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Mantis Bug Tracker versions 2.28.1 and earlier have security vulnerabilities, which stem from improper escaping of redirect pages, potentially leading to HTML injection attacks. The following versions are...