Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4328 matches found

NVD
NVDadded 2026/03/24 6:16 p.m.3 views

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

9.1CVSS0.00369EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/24 5:58 p.m.4 views

EUVD-2026-14947

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

8.8CVSS7.2AI score0.00497EPSS
Exploits2References3
CNNVD
CNNVDadded 2026/03/24 12:0 a.m.9 views

Furnace 安全漏洞

Furnace is a chip tuning tracker developed by tildearrow. Versions of Furnace prior to 0.7 contained a security vulnerability, which was caused by out-of-bound reading, potentially causing issues with the program file flac.C...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References2
Snyk
Snykadded 2026/03/23 8:39 p.m.3 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper escaping of tag names retrieved from History in the Timeline. An attacker can execute arbitrary HTML or JavaScript code in the context of the affected...

8.6CVSS6.1AI score0.00196EPSS
Exploits0References2
Snyk
Snykadded 2026/03/23 8:37 p.m.5 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...

8.6CVSS5.9AI score0.00243EPSS
Exploits0References2
OSV
OSVadded 2026/03/23 8:28 p.m.7 views

GHSA-PHRQ-PC6R-F6GH MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL

Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion...

9.3CVSS5.9AI score0.00413EPSS
Exploits1References4
EUVD
EUVDadded 2026/03/23 8:28 p.m.14 views

EUVD-2026-14516

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...

9.3CVSS5.8AI score0.00413EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/03/23 8:28 p.m.10 views

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL

Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion...

9.8CVSS5.9AI score0.00413EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2026/03/23 8:16 p.m.4 views

CVE-2026-33517

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS0.00243EPSS
Exploits0References3
NVD
NVDadded 2026/03/23 8:16 p.m.5 views

CVE-2026-33548

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS
Exploits0References2
NVD
NVDadded 2026/03/23 8:16 p.m.12 views

CVE-2026-30849

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

9.8CVSS0.00413EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/23 7:15 p.m.3 views

CVE-2026-33548

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS6AI score0.00196EPSS
Exploits0References3
CVE
CVEadded 2026/03/23 7:15 p.m.12 views

CVE-2026-33548

MantisBT 2.28.0 is vulnerable to Stored HTML Injection / XSS when rendering tags in Timeline (Timeline view via my_view_page.php). Root cause: improper escaping of tag names retrieved from History in Timeline. Impact: if CSP permits, attacker could execute arbitrary JavaScript when displaying a r...

8.6CVSS6AI score0.00196EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/23 7:15 p.m.4 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS6AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/23 7:13 p.m.3 views

CVE-2026-33517

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS6AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/23 7:13 p.m.1 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS6AI score0.00243EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/23 7:13 p.m.20 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS0.00243EPSS
Exploits0References3
CVE
CVEadded 2026/03/23 7:13 p.m.11 views

CVE-2026-33517

The CVE-2026-33517 entry concerns MantisBT 2.28.0, where deleting a Tag (tag_delete.php) allows stored HTML injection due to improper escaping in the confirmation message. This can enable arbitrary JavaScript execution if CSP settings permit. The issue is fixed in version 2.28.1. Workarounds incl...

8.6CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/23 7:13 p.m.5 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS6.2AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/23 7:10 p.m.23 views

CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

9.3CVSS0.00413EPSS
Exploits1References2
Rows per page
Query Builder