Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the font family preference update process. An attacker can execute arbitrary HTML or JavaScript in the context of another user's session by injecting malicious...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper escaping of textarea custom field contents in the bug_update_page.php process. An attacker can inject HTML and, if content security policy settings allow,...
Access Control Bypass
Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Access Control Bypass in the REST API upload process. An attacker can upload attachments to private issues without proper authorization by leveraging authenticated access to endpoints they are...
Information Exposure
Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Information Exposure in the attachment access process. An attacker can gain unauthorized access to attachments they previously uploaded by listing and downloading them from issues that have sin...
Authorization Bypass Through User-Controlled Key
Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the user_id parameter during the profile creation process. An attacker can gain unauthorized access to create global profiles by tampering wit...
PT-2026-39878
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description An authenticated user can upload attachments to private issues that they are not authorized to access. Recommendations Update to version 2.28.2...
PT-2026-39890
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker (MantisBT) versions prior to 2.28.2 Description The mc_issue_update function allows users with update_bug_threshold access (UPDATER) to edit, change the view state, and modify time tracking on bugnotes belonging to other users...
[SECURITY] [DSA 6252-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6252-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4568-1] lcms2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4568-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 06, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
EUVD-2026-28384
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...
Wallos code issue vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...
PT-2026-38444
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) that does not...
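The three Wallos entries above describe two related gaps in one outbound-request guard: the filter_var flags used for the inline IP check do not cover the CGNAT range 100.64.0.0/10 (RFC 6598), and validating the result of gethostbyname() while handing the original hostname to cURL lets the name resolve a second time, to a different address, at connect time (DNS rebinding). The following is an added example, not Wallos's own code, showing the pattern the advisories point at: resolve once, validate the resolved address (with the CGNAT range added explicitly), and pin that address with CURLOPT_RESOLVE. The function names (ip_in_cidr, is_disallowed_ip, fetch_webhook), the 64-bit PHP assumption behind ip2long(), the IPv4-only restriction, and the sample addresses in the demo are all assumptions of this example.

```php
<?php
// Added example (not part of Wallos): hardened outbound webhook fetch.
// Assumes 64-bit PHP (ip2long() returns non-negative ints) and IPv4 targets only.

/** True if $ip lies inside the IPv4 CIDR block $cidr (e.g. "100.64.0.0/10"). */
function ip_in_cidr(string $ip, string $cidr): bool {
    [$subnet, $bits] = explode('/', $cidr, 2);
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

/** Reject private, reserved and CGNAT addresses; accept only public IPv4. */
function is_disallowed_ip(string $ip): bool {
    // FILTER_FLAG_NO_PRIV_RANGE covers 10/8, 172.16/12, 192.168/16;
    // FILTER_FLAG_NO_RES_RANGE covers 0/8, 127/8, 169.254/16, 240/4.
    // Neither covers 100.64.0.0/10 (CGNAT), the range the advisory names.
    $ok = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($ok === false) {
        return true;
    }
    foreach (['100.64.0.0/10'] as $cidr) {   // extra ranges the flags miss
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

/** Fetch $url with the validated IP pinned so cURL never re-resolves the name. */
function fetch_webhook(string $url): string|false {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    $host = $parts['host'];
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);

    // Resolve exactly once. gethostbyname() returns the input unchanged on failure,
    // so distinguish "unresolvable name" from "the host was already an IP literal".
    $ip = gethostbyname($host);
    if ($ip === $host && filter_var($host, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    if (is_disallowed_ip($ip)) {
        return false;
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect would reopen the SSRF window
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        // The fix the advisory calls for: bind host:port to the address we checked.
        // The URL keeps the original hostname, so TLS SNI and certificate checks
        // still apply; only the DNS answer is fixed.
        CURLOPT_RESOLVE        => ["$host:$port:$ip"],
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Demo with constructed sample addresses (no network access needed for these).
foreach (['10.0.0.5', '100.64.1.1', '127.0.0.1', '203.0.113.10'] as $sample) {
    printf("%-14s %s\n", $sample, is_disallowed_ip($sample) ? 'blocked' : 'allowed');
}
```

Of the four sample addresses, only 203.0.113.10 is allowed; 100.64.1.1 passes the original filter_var flags and is caught only by the explicit CGNAT check. Because the resolved address is passed through CURLOPT_RESOLVE rather than substituted into the URL, the Host header and TLS verification still use the original name, so the pinning does not weaken HTTPS.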
CVE-2026-43167
In the Linux kernel, the following vulnerability has been resolved: xfrm: always flush state and policy upon NETDEV_UNREGISTER event syzbot is reporting that "struct xfrm_state" refcount is leaking. unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2 ref_tracker:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ice: Fix for locking during Tx timestamp tracking cleanup The commit 4dd0d5c33c3e “ice: add lock around Tx timestamp tracker cleanup” added a lock around the Tx timestamp tracker process, which is used to clean up any remaining...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort...
Debian dsa-6239 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6239 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6239-1 [email protected]...
CVE-2026-43027
A flaw was found in the Linux kernel's netfilter subsystem, specifically within nf_conntrack_helper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...
WordPress Goal Tracker – Custom Event Tracking for GA4 plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Goal Tracker - Custom Event Tracking for GA4 versions <= 1.1.5...
PT-2026-35640
Name of the Vulnerable Software and Affected Versions Shipment Tracker for WooCommerce versions prior to 1.5.3.3 Description A Cross-Site Scripting (XSS) issue exists that allows users with the Subscriber role to execute malicious scripts in the context of the application. Recommendations Update to...
Debian dsa-6230 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6230 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6230-1 [email protected]...