|
2481
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to…
|
CWE-862
Missing Authorization
|
CVE-2026-42071
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2482
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator acces…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44655
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2483
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44657
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2484
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query fun…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9493
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2485
|
4.8 |
MEDIUM
Network
|
-
|
-
|
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed …
|
CWE-79
Cross-site Scripting
|
CVE-2026-10057
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2486
|
4.8 |
MEDIUM
Network
|
-
|
-
|
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed …
|
CWE-79
Cross-site Scripting
|
CVE-2026-10058
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2487
|
9.8 |
CRITICAL
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code exec…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-10071
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2488
|
7.2 |
HIGH
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-10072
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2489
|
7.5 |
HIGH
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
|
CWE-23
Relative Path Traversal
|
CVE-2026-10073
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2490
|
4.9 |
MEDIUM
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
|
CWE-23
Relative Path Traversal
|
CVE-2026-10074
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
