Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/05 9:43 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the event lookup process. An attacker can access unauthorized event data by providing a valid event UUID belonging to another project. Note: Thi...

3.1CVSS5.5AI score0.00154EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 9:57 p.m.11 views

EUVD-2026-30998

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 9:57 p.m.19 views

CVE-2026-34463

CVE-2026-34463 affects MantisBT prior to 2.28.2. When cloning an issue from a different project, the clone form (bug_report_page.php) prepends the source project name before the category selector without proper escaping, allowing stored HTML injection (XSS) if an attacker can set the project name...

8.6CVSS5.7AI score0.00444EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/01 9:15 p.m.9 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

4.9CVSS6.2AI score0.01018EPSS
Exploits0References9
Rows per page
Query Builder