
21 matches found

RedhatCVE
added 2026/02/06 1:30 p.m., 3 views

CVE-2026-25198

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...

CVSS 5.1 | AI score 5.5 | EPSS 0.00016
Exploits 0 | References 1
RedhatCVE
added 2025/11/05 9:06 p.m., 12 views

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 9.1 | AI score 7.3 | EPSS 0.00072
Exploits 0 | References 1
CVE
added 2025/11/04 9:31 p.m., 11 views

CVE-2025-62520

CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...

CVSS 5.3 | AI score 6.3 | EPSS 0.00043
Exploits 1 | References 3 | Affected Software 1
NVD
added 2025/11/04 9:15 p.m., 3 views

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

CVSS 5.4 | EPSS 0.00025
Exploits 1 | References 3
OSV
added 2025/11/04 8:31 p.m., 5 views

CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 8.8 | AI score 7.3 | EPSS 0.00072
Exploits 0 | References 4
Cvelist
added 2025/11/04 8:31 p.m., 6 views

CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 8.8 | EPSS 0.00072
Exploits 0 | References 2
OSV
added 2025/11/04 12:20 a.m., 3 views

CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added,...

CVSS 6.5 | AI score 6.7 | EPSS 0.00061
Exploits 0 | References 6
Positive Technologies
added 2025/11/04 12:00 a.m., 3 views

PT-2025-44808

Name of the vulnerable software and affected versions: Mantis Bug Tracker versions 2.27.1 and below. Description: Mantis Bug Tracker is an open source issue tracker. A lack of server-side validation of note length allows attackers to permanently corrupt issue activity logs by submitting extremely lo...

CVSS 7.5 | AI score 6.6 | EPSS 0.00061
Exploits 0 | References 7
CNNVD
added 2025/11/04 12:00 a.m., 2 views

MantisBT security vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from an unvalidated comment length...

CVSS 7.5 | AI score 6.5 | EPSS 0.00061
Exploits 0 | References 4
RedhatCVE
added 2025/05/22 8:39 p.m., 3 views

CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can be triggered with an HTTP GET request for a crafted...

CVSS 7.8 | AI score 7.1 | EPSS 0.00334
Exploits 1 | References 1
RedhatCVE
added 2025/04/06 5:07 p.m., 19 views

CVE-2025-32161

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks (arkhe-blocks) allows Stored XSS. This issue affects Arkhe Blocks: from n/a through <= 2.27.1...

CVSS 6.5 | AI score 7.2 | EPSS 0.00883
Exploits 0 | References 1
NVD
added 2025/04/04 4:15 p.m., 2 views

CVE-2025-32161

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks (arkhe-blocks) allows Stored XSS. This issue affects Arkhe Blocks: from n/a through <= 2.27.1...

CVSS 6.5 | EPSS 0.00883
Exploits 0 | References 1
CVE
added 2025/04/04 3:58 p.m., 46 views

CVE-2025-32161

CVE-2025-32161 describes a Stored XSS in Arkhe Blocks (WordPress plugin). The connected materials confirm the issue is an improper neutralization of input during web page generation, enabling cross-site scripting in Arkhe Blocks versions from n/a up to 2.27.1. The CVSS/metrics indicate a medium s...

CVSS 6.5 | AI score 7.2 | EPSS 0.00883
Exploits 0 | References 1
Cvelist
added 2025/04/04 3:58 p.m., 10 views

CVE-2025-32161 WordPress Arkhe Blocks plugin <= 2.27.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks (arkhe-blocks) allows Stored XSS. This issue affects Arkhe Blocks: from n/a through <= 2.27.1...

CVSS 6.5 | EPSS 0.00883
Exploits 0 | References 1
CNNVD
added 2025/04/04 12:00 a.m., 2 views

WordPress plugin Arkhe Blocks cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 | AI score 6.6 | EPSS 0.00883
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 3:42 a.m., 2 views

SUSE CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

CVSS 6.1 | AI score 6.8 | EPSS 0.87475
Exploits 0 | References 11
ArchLinux
added 2021/05/25 12:00 a.m., 221 views

[ASA-202105-25] prometheus: open redirect

Arch Linux Security Advisory ASA-202105-25. Severity: Medium. Date: 2021-05-25. CVE-ID: CVE-2021-29622. Package: prometheus. Type: open redirect. Remote: Yes. Link: https://security.archlinux.org/AVG-1971. Summary: The package prometheus before...

CVSS 6.5 | AI score 0.6 | EPSS 0.87475
Exploits 0 | References 7
OSV
added 2021/05/19 8:15 p.m., 2 views

UBUNTU-CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

CVSS 6.5 | AI score 6.6 | EPSS 0.87475
Exploits 0 | References 6
AlpineLinux
added 2021/05/19 8:00 p.m., 45 views

CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

CVSS 6.5 | AI score 6.5 | EPSS 0.87475
Exploits 0
CNNVD
added 2021/02/07 12:00 a.m., 4 views

sthttpd buffer error vulnerability

sthttpd is an improved version of thttpd, a small, simple, fast and secure HTTP server implementation that supports HTTP/1.1. A denial of service vulnerability exists in sthttpd version 2.27.1 and earlier. The vulnerability is related to a memory error in the handling of the dedotdot function in...

CVSS 7.5 | AI score 7.1 | EPSS 0.00334
Exploits 1 | References 2