Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4328 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/22 9:17 p.m.9 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/22 9:17 p.m.11 views

EUVD-2026-31505

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/22 9:17 p.m.14 views

CVE-2026-41075 RT: SQL injection via entry_aggregator parameter in JSON search

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

8.8CVSS0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/22 9:12 p.m.9 views

CVE-2026-41074 RT has broken CSRF protection for authenticated users

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
CVE
CVEadded 2026/05/22 9:12 p.m.26 views

CVE-2026-41074

CVE-2026-41074 affects RT (Resource Tracker) versions 6.0.0–6.0.2, where a Cross-Site Request Forgery (CSRF) vulnerability exists. An attacker who lures a logged-in RT user to visit a malicious page can trigger arbitrary state-changing actions in RT on that user’s behalf. The issue is fixed in RT...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/05/22 9:12 p.m.7 views

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/22 9:12 p.m.8 views

CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/22 9:12 p.m.13 views

CVE-2026-41074 RT has broken CSRF protection for authenticated users

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS0.00117EPSS
Exploits0References2
CVE
CVEadded 2026/05/22 9:10 p.m.109 views

CVE-2026-41073

CVE-2026-41073 affects RT (open source issue/IT ticket tracker). Versions older than 5.0.10 and 6.0.0–6.0.2 write user-controlled data into spreadsheet exports without sanitization, allowing CSV/formula injection when opened in spreadsheet apps. The underlying issue is that exported outputs may b...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References3
NVD
NVDadded 2026/05/22 8:16 p.m.8 views

CVE-2026-40597

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

7.6CVSS0.00498EPSS
Exploits0References3
NVD
NVDadded 2026/05/22 8:16 p.m.9 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS0.00419EPSS
Exploits0References3
NVD
NVDadded 2026/05/22 8:16 p.m.7 views

CVE-2026-40596

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability...

7.2CVSS0.00424EPSS
Exploits0References5
NVD
NVDadded 2026/05/22 8:16 p.m.6 views

CVE-2026-40598

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

6.9CVSS0.00447EPSS
Exploits0References3
CVE
CVEadded 2026/05/22 7:39 p.m.40 views

CVE-2026-40607

CVE-2026-40607 affects MantisBT versions 2.11.0–2.28.1, where a Stored XSS arises from incorrect escaping of the saved filter owner when $g_show_user_realname is ON. Impact is XSS in contexts where real names are displayed; default access control restricts saving public filters to Manager+ users....

7.5CVSS5.9AI score0.00419EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/22 7:39 p.m.6 views

CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS0.00419EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/22 7:39 p.m.9 views

EUVD-2026-31495

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/22 7:39 p.m.3 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/22 7:39 p.m.8 views

CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/22 7:32 p.m.6 views

CVE-2026-40598

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

6.9CVSS5.3AI score0.00447EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/22 7:32 p.m.8 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

6.9CVSS5.3AI score0.00447EPSS
Exploits0References3
Rows per page
Query Builder