| CVE-2026-44657 |
high |
— |
8.0 |
|
|
|
19d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu… |
| CVE-2026-44655 |
high |
— |
8.0 |
|
|
|
19d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator acces… |
| CVE-2026-42071 |
high |
— |
8.0 |
|
|
|
19d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to… |
| CVE-2026-40607 |
high |
— |
8.0 |
|
|
|
19d ago |
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column |
| CVE-2026-40597 |
high |
— |
8.0 |
|
|
|
19d ago |
MantisBT has a Content Security Policy bypass via attachments |
| CVE-2026-40596 |
high |
— |
8.0 |
|
|
|
19d ago |
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference |
| CVE-2026-34463 |
high |
— |
8.0 |
|
|
|
19d ago |
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form |
| CVE-2026-42070 |
medium |
— |
5.5 |
|
|
|
19d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |
| CVE-2026-41897 |
medium |
— |
5.5 |
|
|
|
19d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… |
| CVE-2026-40598 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page |
| CVE-2026-34970 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked |
| CVE-2026-34744 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue |
| CVE-2026-34579 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT has an authorization bypass in private issue monitoring |
| CVE-2026-34390 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator |
| CVE-2026-33052 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT Has Authorization Bypass in Global Profile Creation |
| CVE-2026-39960 |
medium |
5.4 |
5.4 |
|
|
|
19d ago |
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values |
| CVE-2026-34754 |
medium |
4.3 |
4.3 |
|
|
|
19d ago |
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API |