47 matches found

Cvelist, added 2026/05/28 8:28 p.m.

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users, bypassing t...

CVSS 5.3 | EPSS 0.00043 | Exploits: 0 | References: 4
Vulnrichment, added 2026/05/28 8:28 p.m.

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users, bypassing t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043 | Exploits: 0 | References: 4
CVE, added 2026/05/28 8:28 p.m.

CVE-2026-42070

Summary: MantisBT prior to 2.28.2 is vulnerable to Authorization Bypass in bugnote editing via the Issue Update API. The mc_issue_update() function allows users with update_bug_threshold (UPDATER, default) to edit, change view state, and modify time tracking on bugnotes owned by other users, bypa...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043 | Exploits: 0 | References: 4
OSV, added 2026/05/11 7:39 p.m.

GHSA-PQ86-J2C2-47F6 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users, bypassing the default DEVELOPER (level 55) threshold required by the dedicated...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043 | Exploits: 0 | References: 5
Github Security Blog, added 2026/05/11 7:39 p.m.

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users, bypassing the default DEVELOPER (level 55) threshold required by the dedicated...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043 | Exploits: 0 | References: 5 | Affected software: 1
Snyk, added 2026/05/11 7:39 p.m.

Incorrect Authorization

Overview: mantisbt/mantisbt is the Mantis bug tracker. Affected versions of this package are vulnerable to Incorrect Authorization in the mc_issue_update() function. An attacker can modify, edit, or change the visibility of bugnotes belonging to other users by leveraging insufficient access control chec...

CVSS 6.3 | AI score 5.8 | EPSS 0.00043 | Exploits: 0 | References: 2
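The six entries above all describe the same flaw in CVE-2026-42070: the dedicated bugnote API checks a per-object threshold (DEVELOPER, level 55 by default) before letting a caller touch another user's note, while the issue-update API accepted the same nested bugnote changes after checking only the issue-level threshold (UPDATER by default). The block below is an added example, not MantisBT's code, that models this class of bug: a numeric access-level scheme with two write paths, the vulnerable issue-update path beside a hardened one that reuses the per-object check. UPDATER = 40 is MantisBT's default level for that role (not quoted on this page); the config-option names, dataclasses and field names are assumptions chosen to mirror the advisory wording.

```python
"""Threshold-based authorization with two code paths, one of which skips the
per-object check. Constructed model of the pattern in CVE-2026-42070; this is
not MantisBT code. UPDATER=40 and DEVELOPER=55 are MantisBT default level
numbers; the config names, classes and fields below are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict

UPDATER, DEVELOPER = 40, 55

UPDATE_BUG_THRESHOLD = UPDATER             # issue-level update right (advisory: update_bug_threshold)
BUGNOTE_EDIT_OTHERS_THRESHOLD = DEVELOPER  # assumed name for the dedicated bugnote-edit threshold

# Fields the advisory says could be altered on other users' bugnotes.
ALLOWED_FIELDS = {"text", "view_state", "time_tracking"}


class AccessDenied(PermissionError):
    """Caller's access level is below the threshold for the requested action."""


@dataclass
class User:
    id: int
    access_level: int


@dataclass
class Bugnote:
    id: int
    reporter_id: int
    text: str
    view_state: str = "public"
    time_tracking: int = 0


def can_edit_bugnote(user: User, note: Bugnote) -> bool:
    """Per-object check: the note's author needs only the issue-update
    threshold, anyone else needs the higher bugnote-edit threshold."""
    if note.reporter_id == user.id:
        return user.access_level >= UPDATE_BUG_THRESHOLD
    return user.access_level >= BUGNOTE_EDIT_OTHERS_THRESHOLD


def _apply(note: Bugnote, changes: Dict[str, object]) -> None:
    for name, value in changes.items():
        if name not in ALLOWED_FIELDS:
            raise ValueError(f"unknown bugnote field {name!r}")
        setattr(note, name, value)


def bugnote_update(user: User, note: Bugnote, **changes) -> None:
    """Dedicated bugnote API: runs the per-object check before writing."""
    if not can_edit_bugnote(user, note):
        raise AccessDenied(f"user {user.id} may not edit bugnote {note.id}")
    _apply(note, changes)


def issue_update_vulnerable(user: User, notes: Dict[int, Bugnote],
                            note_changes: Dict[int, Dict[str, object]]) -> None:
    """Issue-level update carrying nested bugnote edits. Only the issue-level
    threshold is checked, so any UPDATER can rewrite other users' notes: the
    mismatch between code paths that the advisory describes."""
    if user.access_level < UPDATE_BUG_THRESHOLD:
        raise AccessDenied(f"user {user.id} may not update the issue")
    for note_id, changes in note_changes.items():
        _apply(notes[note_id], changes)


def issue_update_fixed(user: User, notes: Dict[int, Bugnote],
                       note_changes: Dict[int, Dict[str, object]]) -> None:
    """Hardened variant: every nested edit passes the same per-object check as
    the dedicated API, and nothing is written until all checks pass."""
    if user.access_level < UPDATE_BUG_THRESHOLD:
        raise AccessDenied(f"user {user.id} may not update the issue")
    for note_id in note_changes:
        if not can_edit_bugnote(user, notes[note_id]):
            raise AccessDenied(f"user {user.id} may not edit bugnote {note_id}")
    for note_id, changes in note_changes.items():
        _apply(notes[note_id], changes)


def run_scenario(attacker_level: int = UPDATER) -> Dict[str, bool]:
    """Try to rewrite another user's bugnote through each path.
    True means the write went through."""
    author = User(id=1, access_level=DEVELOPER)
    attacker = User(id=2, access_level=attacker_level)
    edit = {"text": "tampered"}
    paths: Dict[str, Callable[[User, Bugnote], None]] = {
        "dedicated": lambda u, n: bugnote_update(u, n, **edit),
        "issue_vulnerable": lambda u, n: issue_update_vulnerable(u, {n.id: n}, {n.id: edit}),
        "issue_fixed": lambda u, n: issue_update_fixed(u, {n.id: n}, {n.id: edit}),
    }
    results = {}
    for name, path in paths.items():
        note = Bugnote(id=7, reporter_id=author.id, text="original")
        try:
            path(attacker, note)
        except AccessDenied:
            pass
        results[name] = note.text == "tampered"
    return results


if __name__ == "__main__":
    print(run_scenario())           # {'dedicated': False, 'issue_vulnerable': True, 'issue_fixed': False}
    print(run_scenario(DEVELOPER))  # all three True
```

The check worth carrying into a real review is the one `issue_update_fixed` makes explicit: every path that can mutate an object must call the same per-object authorization function as the dedicated endpoint, and a batch that fails any check should write nothing.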
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2024-2058

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.9 | EPSS 0.00209 | Exploits: 0 | References: 5
UbuntuCve, added 2025/07/25 1:15 p.m.

CVE-2025-38362

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check for get_first_active_display. The function mod_hdcp_hdcp1_enable_encryption calls the function get_first_active_display, but does not check its return value. The return value is a null pointer if the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00041 | Exploits: 0 | References: 39
Positive Technologies, added 2025/07/08 12:00 a.m.

PT-2025-28797 · Adobe · InCopy

Name of the Vulnerable Software and Affected Versions: InCopy versions 20.3 and 19.5.3 and earlier. Description: InCopy is affected by an Integer Underflow (Wrap or Wraparound) issue that may lead to arbitrary code execution with current user privileges. Exploitation requires a user to open a...

CVSS 7.8 | AI score 7.1 | EPSS 0.00115 | Exploits: 0 | References: 5
Positive Technologies, added 2025/06/03 12:00 a.m.

PT-2025-23670 · DataEase · DataEase

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10. Description: The issue concerns ineffective secret verification in DataEase, allowing a user to forge a JWT token using any secret. This could potentially lead to unauthorized access. The problem has been...

CVSS 9.8 | AI score 6 | EPSS 0.07369 | Exploits: 0 | References: 11
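The DataEase entry above says a user could forge a JWT "using any secret", which means the verifier did not bind acceptance to the server's own signing key. The page does not show DataEase's code, so the block below is an added example (not DataEase's code, and not a reproduction of its specific defect) of what an HS256 verifier must do to reject such a token: pin the algorithm, recompute the MAC over the exact bytes received with the server's secret, and compare in constant time. It uses only the Python standard library; the secrets and claims are constructed for the demonstration.

```python
"""HS256 JWT verification that binds acceptance to the server's secret.
Added example for the DataEase entry (forging a JWT under an attacker-chosen
secret); not DataEase code. Stdlib only; secrets and claims are constructed."""
import base64
import hashlib
import hmac
import json
from typing import Dict


class InvalidToken(ValueError):
    """Token is malformed, uses an unexpected algorithm, or fails its MAC check."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    try:
        return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    except (ValueError, TypeError) as exc:
        raise InvalidToken("bad base64url segment") from exc


def _json_segment(text: str) -> Dict:
    try:
        return json.loads(_b64url_decode(text))
    except ValueError as exc:  # JSONDecodeError is a ValueError
        raise InvalidToken("segment is not a JSON object") from exc


def _segment(obj: Dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs256(claims: Dict, secret: bytes) -> str:
    """Issue a token. Anyone holding `secret` can do this, which is why the
    verifier must accept only MACs computed under the server's own secret."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(mac)}"


def verify_hs256(token: str, secret: bytes) -> Dict:
    """Return the claims only if the token is HS256 and its MAC matches `secret`.

    Pins the algorithm (so alg=none or a key-confusion switch is rejected),
    recomputes the MAC over the header.payload bytes exactly as received, and
    compares in constant time. Claims are untrusted until this returns."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = _json_segment(header_b64)
    if header.get("alg") != "HS256":
        raise InvalidToken(f"unsupported alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise InvalidToken("signature mismatch")
    return _json_segment(payload_b64)


def run_checks() -> Dict[str, bool]:
    """Constructed scenario: a legitimate token, one forged under an
    attacker-chosen secret, and an alg=none token. True means accepted."""
    server_secret = b"server-side-secret-kept-out-of-band"   # constructed
    attacker_secret = b"whatever-the-attacker-picked"        # constructed
    claims = {"sub": "admin", "role": "ADMIN"}
    candidates = {
        "legitimate": sign_hs256(claims, server_secret),
        "forged_any_secret": sign_hs256(claims, attacker_secret),
        "alg_none": f"{_segment({'alg': 'none'})}.{_segment(claims)}.",
    }
    outcomes = {}
    for name, token in candidates.items():
        try:
            outcomes[name] = verify_hs256(token, server_secret) == claims
        except InvalidToken:
            outcomes[name] = False
    return outcomes


if __name__ == "__main__":
    print(run_checks())  # {'legitimate': True, 'forged_any_secret': False, 'alg_none': False}
```

A verifier that decodes the payload before, or instead of, checking the MAC, or that takes the key or algorithm from the token itself, accepts the "forged_any_secret" and "alg_none" cases; the order of operations above is what closes that gap.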
RedhatCVE, added 2025/05/22 9:21 p.m.

CVE-2021-41150

Tough provides a set of Rust libraries and tools for using and generating The Update Framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is...

CVSS 8.2 | AI score 6.7 | EPSS 0.00524 | Exploits: 0
OpenVAS, added 2025/05/19 12:00 a.m.

Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2025-1473)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.5 | AI score 7.1 | EPSS 0.0002 | Exploits: 1 | References: 2
UbuntuCve, added 2025/05/08 12:00 a.m.

CVE-2025-37800

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent. If userspace reads the "uevent" device attribute at the same time as another thread unbinds the device from its driver, the change to dev->driver from a valid pointer to NU...

CVSS 5.5 | AI score 6.3 | EPSS 0.00052 | Exploits: 0 | References: 21
Positive Technologies, added 2025/04/23 12:00 a.m.

PT-2025-17639

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.1-44. Description: The issue is related to the mishandling of packet size in multispectral MIFF image processing, which is connected to the rendering of all channels in an arbitrary order. Recommendations: For...

CVSS 7.5 | AI score 4.5 | EPSS 0.0007 | Exploits: 0 | References: 50
Positive Technologies, added 2025/04/13 12:00 a.m.

PT-2025-17421

Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue arises from the processing of tag 0x412 in the phase_one_correct function within decoders/load_mfbacks.cpp, where minimum w0 and w1 values are not enforced. Recommendations: For versions pri...

CVSS 9.8 | AI score 7.2 | EPSS 0.03564 | Exploits: 0 | References: 74
Positive Technologies, added 2025/04/13 12:00 a.m.

PT-2025-17418

Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue is related to an out-of-bounds read in the Fujifilm 0xf00c tag parser within the metadata/tiff.cpp file. Recommendations: For versions prior to 0.21.4, update to version 0.21.4 or later to...

CVSS 9.8 | AI score 5 | EPSS 0.00085 | Exploits: 0 | References: 75
UbuntuCve, added 2025/01/14 1:15 a.m.

CVE-2024-57642

An issue in the dfe_inx_op_col_def_table component of OpenLink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 7.1 | EPSS 0.00289 | Exploits: 1 | References: 1
UbuntuCve, added 2025/01/14 1:15 a.m.

CVE-2024-57664

An issue in the sqlg_group_node component of OpenLink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 7.1 | EPSS 0.00112 | Exploits: 1 | References: 2
Positive Technologies, added 2025/01/01 12:00 a.m.

PT-2025-30212

Name of the Vulnerable Software and Affected Versions: mbedtls versions prior to 3.6.4. Description: The software contains a use-after-free issue in the mbedtls_x509_string_to_names function. This function incorrectly frees a pointer that application code may still be using, leading to a potential...

CVSS 9.8 | AI score 7.1 | EPSS 0.0843 | Exploits: 4 | References: 32
UbuntuCve, added 2024/10/29 12:00 a.m.

CVE-2024-50076

In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get. font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause an info-leak, so to prevent this, it is safest to modify it to initialize...

CVSS 6.5 | AI score 6.4 | EPSS 0.00125 | Exploits: 0 | References: 19