Lucene search
K

11 matches found

NVD
NVD
added 2026/06/24 5:16 p.m.7 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 3:37 p.m.2 views

CVE-2026-13164 Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6.1AI score0.00406EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:37 p.m.6 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 3:37 p.m.48 views

CVE-2026-13164 Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:37 p.m.15 views

CVE-2026-13164

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6AI score0.00406EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.14 views

CVE-2026-13163

Open redirect vulnerability CWE-601 in the saferedirect function of the click-tracking endpoint /c// in Mailerup 1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the...

5.3CVSS0.00329EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 12:49 p.m.6 views

CVE-2026-13163

Open redirect vulnerability CWE-601 in the saferedirect function of the click-tracking endpoint /c// in Mailerup 1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 12:49 p.m.11 views

EUVD-2026-38759

Open redirect vulnerability CWE-601 in the saferedirect function of the click-tracking endpoint /c// in Mailerup 1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 12:49 p.m.12 views

CVE-2026-13163

CVE-2026-13163 describes an open redirect in Mailerup (<1.0.0) via the _safe_redirect function in the click-tracking endpoint /c// on all platforms. The vulnerability allows remote, unauthenticated attackers to redirect victims to arbitrary external sites by crafting the u parameter. The schem...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 12:49 p.m.3 views

CVE-2026-13163 Lack of input validation in Mailerup input parameter leads to Open Redirect

Open redirect vulnerability CWE-601 in the saferedirect function of the click-tracking endpoint /c// in Mailerup 1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51787

Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References5
Rows per page
Query Builder