| CVE-2026-44657 |
high |
— |
8.0 |
|
|
|
18d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu… |
| CVE-2026-44655 |
high |
— |
8.0 |
|
|
|
18d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator acces… |
| CVE-2026-42071 |
high |
— |
8.0 |
|
|
|
18d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to… |
| CVE-2026-40607 |
high |
— |
8.0 |
|
|
|
18d ago |
MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column |
| CVE-2026-40597 |
high |
— |
8.0 |
|
|
|
18d ago |
MantisBT has a Content Security Policy bypass via attachments |
| CVE-2026-40596 |
high |
— |
8.0 |
|
|
|
18d ago |
MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference |
| CVE-2026-34463 |
high |
— |
8.0 |
|
|
|
18d ago |
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form |
| CVE-2026-42070 |
medium |
— |
5.5 |
|
|
|
18d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |
| CVE-2026-41897 |
medium |
— |
5.5 |
|
|
|
18d ago |
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… |
| CVE-2026-40598 |
medium |
— |
5.5 |
|
|
|
18d ago |
MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page |
| CVE-2026-34970 |
medium |
— |
5.5 |
|
|
|
18d ago |
MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked |
| CVE-2026-34744 |
medium |
— |
5.5 |
|
|
|
18d ago |
MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue |
| CVE-2026-34579 |
medium |
— |
5.5 |
|
|
|
18d ago |
MantisBT has an authorization bypass in private issue monitoring |
| CVE-2026-34390 |
medium |
— |
5.5 |
|
|
|
18d ago |
MantisBT Vulnerable to Privilege Escalation from Manager to Administrator |
| CVE-2026-33052 |
medium |
— |
5.5 |
|
|
|
19d ago |
MantisBT Has Authorization Bypass in Global Profile Creation |
| CVE-2026-39960 |
medium |
5.4 |
5.4 |
|
|
|
18d ago |
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values |
| CVE-2026-34754 |
medium |
4.3 |
4.3 |
|
|
|
18d ago |
MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API |