CVE-2026-34390
MantisBT before 2.28.2 is affected by a Privilege Escalation in ProjectUsersAddCommand (manage_proj_user_add.php). A user with manage_project_threshold (default manager) can forge a higher access_level value and grant project-level administrator rights to any user within a project they manage, by...
EUVD-2026-30994
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having the manage_project_threshold access level (manager by default) to...
CVE-2026-34390
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having the manage_project_threshold access level (manager by default) to...
CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having the manage_project_threshold access level (manager by default) to...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...
CVE-2025-30203
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force...
CVE-2025-30203
CVE-2025-30203 describes a cross-site scripting (XSS) vulnerability in Tuleap via the content of RSS feeds in the RSS widgets. Affected are Tuleap Community Edition older than 16.5.99.1742562878 and Tuleap Enterprise Edition older than 16.5-5 and 16.4-8. Root cause: insufficient sanitization/exec...
PT-2024-2097 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.1.25893 Description: The issue is related to the lack of authorization procedures in JetBrains YouTrack, allowing an attacker to gain unauthorized access to a project. This is due to the possibility o...
MeterSphere Security Vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere versions before 2.9.0 have a security vulnerability that stems from allowing the administrator of a project to modify other projects under the workspace...
JFrog Artifactory Security Vulnerability
JFrog Artifactory is an open source general-purpose artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production. JFrog Artifactory is...
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Impact: Matt Hamilton from Soluble has discovered a limited Server-Side Request Forgery (SSRF) that allowed Harbor project owners to scan the TCP ports of hosts on the Harbor server's internal network. The vulnerability was immediately fixed by the Harbor team. Issue: The "Test Endpoint" API, part of...
OpenStack Keystone Elevation of Privilege Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) in collaboration with Rackspace in the U.S. OpenStack Keystone is the OpenStack module that manages authentication, service rules, and service token functions. A security...
CVE-2020-11938
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2...
Code injection
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings...
Design/Logic Flaw
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2...
CVE-2020-11686
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings...
CVE-2019-15035
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1...
CVE-2015-7471
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...