12 matches found
CVE-2026-41897
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...
BIT-GITLAB-2025-13874 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
EUVD-2025-209834
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
CVE-2025-13874 affects GitLab CE/EE campaigns: all versions from 15.1 prior to 18.9.7, 18.10 prior to 18.10.6, and 18.11 prior to 18.11.3 could allow an authenticated user with Guest permissions to view issues in projects they were not authorized to access. The issue is described as an Authorizat...
CVE-2025-13874
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
GHSA-J7V9-F46R-2RP4 MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...
EUVD-2025-24596
Malicious code in bioql PyPI...
CVE-2025-2498 Insufficient Granularity of Access Control in GitLab
An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...
CVE-2025-2498 Insufficient Granularity of Access Control in GitLab
An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...
Atlassian Jira Service Desk < 3.9.16 Path Traversal Vulnerability
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is prior to 3.9.16, 3.10.x prior to 3.16.8, 4.0.x prior to 4.1.3, 4.2.x prior to 4.2.5, 4.3.x prior to 4.3.4 or 4.4.x prior to 4.4.1. It is, therefore, affected by a path traversa...