Mautic Security Vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from the ability of a non-privileged user to install and remove arbitrary...
EUVD-2021-1956
Malware in sbrugna...
EUVD-2021-2108
Malware in sbrugna...
EUVD-2024-54605
Malicious code in bioql PyPI...
CVE-2024-47056
Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...
GHSA-VPH5-GHQ3-Q782 Mautic segment cloning doesn't have a proper permission check
Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing...
CVE-2024-47055 Segment cloning doesn't have a proper permission check
Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing...
CVE-2024-47055
CVE-2024-47055 concerns Mautic where the cloneAction in the segment management exposes a Missing Authorization vulnerability (IDOR). An authenticated user can clone segments without proper permission checks, bypassing access controls. The root cause is insufficient authorization in the cloneActio...
CVE-2024-47056
Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure
Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to...
PT-2025-23116 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic, affected versions not specified. Description: A security issue exists in the "Forget your password" functionality of Mautic, allowing unauthenticated users to enumerate valid usernames through a timing-based attack. This is due to...
PT-2025-23102 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic, affected versions not specified. Description: The issue concerns unauthorized access to unpublished page previews in Mautic, which could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to...
Mautic Arbitrary File Upload Vulnerability
Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...
CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm
The function mtrand is used to generate session tokens. This function is cryptographically flawed because its output is merely pseudorandom, not cryptographically secure; an attacker can take advantage of this insecure nature to enumerate session tokens for accounts that are not under...
CVE-2021-27913
creation timestamp | type | source
---|---|---
2021-08-30 14:04:38+00:00 | published-proof-of-concept | https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3...
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow unauthorized admin access
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...