Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,486
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,101 - 12,120 of 36,831 CVEs

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerabil...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub
CVE-2026-39960 MEDIUM - 5.4

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, (bug_update_page.php) allowing an attacker to inject HTML and, if CSP settings permit, exec...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub
CVE-2026-39850 HIGH - 7.4

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls extract($_params_, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a...

Vendor: composer
Product: yiisoft/yii2
Published: May 11, 2026
Source: GitHub

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub
CVE-2026-34754 MEDIUM - 4.3

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerab...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves as a monitor for a p...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the category selector...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having manage_project_threshold access level (manager by defaul...

Vendor: composer
Product: mantisbt/mantisbt
Published: May 11, 2026
Source: GitHub
CVE-2026-8318 MEDIUM - 5.3

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. The...

Published: May 11, 2026
Source: NVD

Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication (Len * 16 + digit), ...

Published: May 11, 2026
Source: NVD
CVE-2026-45224 HIGH - 7.1

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file wit...

Vendor: openclaw
Product: crabbox
Published: May 11, 2026
Source: NVD
CVE-2026-45223 HIGH - 8.8

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin tok...

Vendor: openclaw
Product: crabbox
Published: May 11, 2026
Source: NVD
CVE-2026-45222 MEDIUM - 6.1

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json. ...

Vendor: steipete
Product: summarize
Published: May 11, 2026
Source: NVD

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-val...

Vendor: ninenines
Product: cowlib
Published: May 11, 2026
Source: NVD

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/...

Vendor: ninenines
Product: cowlib
Published: May 11, 2026
Source: NVD

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the b...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: May 11, 2026
Source: NVD

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f"{user}.<ext>"), where user comes unsanitized from the -u CLI flag or any line...

Vendor: Alfredredbird
Product: tookie-osint
Published: May 11, 2026
Source: NVD
CVE-2026-8305 HIGH - 7.3

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initi...

Vendor: openclaw
Product: openclaw
Published: May 11, 2026
Source: NVD

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. This ...

Published: May 11, 2026
Source: NVD