CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

517 matches found

CVE-2026-42070

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References1

NVD•added yesterday•5 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00012EPSS

Exploits0References4

ATTACKERKB•added yesterday•5 views

CVE-2026-9722

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

CVE•added yesterday•10 views

CVE-2026-9722

The CVE-2026-9722 entry concerns the WordPress plugin Laiser Tag, affected versions ≤ 1.2.5. The root cause is missing or incorrect nonce validation in the addOptionsPageFields function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (API key,...

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

Cvelist•added yesterday•32 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

4.3CVSS0.00012EPSS

Exploits0References4

Positive Technologies•added yesterday•3 views

PT-2026-45713

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

CBLMariner•added 4 days ago•6 views

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

9.6CVSS5.8AI score0.0005EPSS

Exploits0

NVD•added 6 days ago•3 views

CVE-2026-42070

5.3CVSS0.00039EPSS

Exploits0References4

Cvelist•added 6 days ago•23 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

5.3CVSS0.00039EPSS

Exploits0References4

Vulnrichment•added 6 days ago•2 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

5.3CVSS5.8AI score0.00039EPSS

Exploits0References4

EUVD•added 6 days ago•4 views

EUVD-2026-33026

5.3CVSS5.8AI score0.00039EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•4 views

CVE-2026-42070

5.3CVSS5.8AI score0.00039EPSS

Exploits0References5Affected Software1

CNNVD•added 6 days ago•3 views

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from the mcissueupdate function, which allowed users with the updatebugthreshold permission to...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References4

Packet Storm News•added 2026/05/23 12:0 a.m.•6 views

CALIBURN: A Regime-Sensitivity Study of Operationally Calibrated Streaming Intrusion Detection

Streaming network intrusion detection systems must process flows continuously while keeping memory bounded, but most current methods leave alerting threshold selection as a post-hoc tuning problem poorly suited to production. Operators need alerting behaviour specifiable before deployment using...

5.8AI score

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в gdal

In GDAL version 3.0.1 and later, there is a double-free in the poolDestroy function within OGRExpatRealloc in the ogr/ogrexpat.cpp file, which occurs when the 10MB threshold is exceeded...

9.8CVSS7.3AI score0.02245EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dmsmregisterthresholdcallback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dmpoolregistermetadatathreshold+0x40/0x80. - Reading of size 8 ...

5.5CVSS6.3AI score0.00063EPSS

Exploits0References2

NVD•added 2026/05/19 10:16 p.m.•6 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS0.00015EPSS

Exploits0References4

NVD•added 2026/05/19 2:16 a.m.•10 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.00041EPSS

Exploits0References3

Vulnrichment•added 2026/05/19 12:29 a.m.•5 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

5.3CVSS5.7AI score0.00041EPSS

Exploits0References3

Cvelist•added 2026/05/19 12:29 a.m.•31 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

5.3CVSS0.00041EPSS

Exploits0References3

Rows per page