mantisbt/mantisbt Security Advisories for 2.26.3 (5)
- [MEDIUM] MantisBT unauthorized disclosure of private project column configuration
  PKSA-h3h3-9cvh-htmg CVE-2025-62520 GHSA-g582-8vwr-68h2
  Affected version: <2.27.2
  Reported by: GitHub
- [MEDIUM] MantisBT lacks verification when changing a user's email address
  PKSA-983m-gpx4-ywx3 CVE-2025-55155 GHSA-q747-c74m-69pr
  Affected version: <2.27.2
  Reported by: GitHub
- [MEDIUM] MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
  PKSA-r8rw-8k4b-bvgz CVE-2025-46556 GHSA-r3jf-hm7q-qfw5
  Affected version: <2.27.2
  Reported by: GitHub
- [HIGH] MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
  PKSA-gxs3-7yhj-kxf3 CVE-2025-47776 GHSA-4v8w-gg5j-ph37
  Affected version: <2.27.2
  Reported by: GitHub
- [MEDIUM] MantisBT vulnerable to information disclosure with user profiles
  PKSA-9rc9-dxmv-6ty7 CVE-2024-45792 GHSA-h5q3-fjp4-2x7r
  Affected version: <=2.26.3
  Reported by: GitHub