EUVD-2024-54604
Malicious code in bioql PyPI...
CVE-2024-47057
CVE-2024-47057 describes a timing-based user enumeration vulnerability in Mautic’s “Forget your password” flow. Unauthenticated actors can distinguish existing from non-existing usernames by differences in response time, and the absence of rate limiting makes username discovery practical. Impact is user enumer...
CVE-2024-47057 User name enumeration possible due to response time difference on password reset form
Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...
GHSA-4W2W-36VM-C8HF Mautic allows Relative Path Traversal in assets file upload
Summary: This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to...