13 matches found
CVE-2026-34463
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...
GHSA-FVJF-68WH-RWP2 MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...
Linux Distros Unpatched Vulnerability : CVE-2026-23385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFPKERNEL which results in a WARN splat:...
GHSA-J443-WCQQ-XPRH Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go
Summary A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...
EUVD-2021-1866
Malware in sbrugna...
EUVD-2023-0085
Malicious code in bioql PyPI...
CVE-2020-29604
An issue was discovered in MantisBT before 2.24.4. A missing access check in bugactiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...
Mquery Security Vulnerability
Aheckmann Mquery is a Javascript-based codebase for efficiently generating Mongdb query statements from the individual developer Aheckmann. A security vulnerability exists in mquery lib/utils.js versions prior to 3.2.3, which allows contamination attacks because a special attribute e.g. proto can...
Project description is persistent XSS vector for project admins
This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...
OpenJDK Inflater/Deflater clone issues (6745393)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass
source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This issue may be exploited by an attack...