| CVE-2026-42070 | medium | — | 5.5 | | | | 19d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |
| CVE-2026-41897 | medium | — | 5.5 | | | | 19d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… |
| CVE-2026-40598 | medium | — | 5.5 | | | | 19d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page |
| CVE-2026-34970 | medium | — | 5.5 | | | | 19d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked |
| CVE-2026-34744 | medium | — | 5.5 | | | | 19d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue |
| CVE-2026-34579 | medium | — | 5.5 | | | | 19d ago | MantisBT has an authorization bypass in private issue monitoring |
| CVE-2026-34390 | medium | — | 5.5 | | | | 19d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator |
| CVE-2026-33052 | medium | — | 5.5 | | | | 19d ago | MantisBT Has Authorization Bypass in Global Profile Creation |
| CVE-2026-39960 | medium | 5.4 | 5.4 | | | | 19d ago | MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values |
| CVE-2026-34754 | medium | 4.3 | 4.3 | | | | 19d ago | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API |