7 matches found
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34744
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...
PT-2026-39879
Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker MantisBT versions prior to 2.28.2. Description: A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary,...
EUVD-2023-43789
Malicious code in bioql PyPI...
CVE-2018-9839
An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloni...
GHSA-7J8M-FM49-XGMG MantisBT Incorrect Authorization for bug_revision_view_page.php check
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter...
MantisBT Incorrect Authorization for bug_revision_view_page.php check
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter...