8 matches found
EUVD-2021-2108
Malware in sbrugna...
EUVD-2024-54605
Malicious code in bioql PyPI...
CVE-2024-47056
SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...
GHSA-VPH5-GHQ3-Q782 Mautic segment cloning doesn't have a proper permission check
Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
CVE-2024-47055
CVE-2024-47055 concerns Mautic where the cloneAction in the segment management exposes a Missing Authorization vulnerability (IDOR). An authenticated user can clone segments without proper permission checks, bypassing access controls. The root cause is insufficient authorization in the cloneActio...
CVE-2024-47055 Segment cloning doesn't have a proper permission check
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure
SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to...
CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm
The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...