| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3105 | SQL Injection in Contact Activity API Sorting | Mautic | Mautic | High | 7.6 | 2026-02-24 18:39:03 | Deep Dive |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | Mautic | Mautic | - | - | 2025-12-02 16:54:59 | Deep Dive |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | Mautic | Mautic | - | - | 2025-12-02 16:54:40 | Deep Dive |
| CVE-2025-9823 | Reflected XSS in lead:addLeadTags - Quick Add | Mautic | Mautic | - | - | 2025-09-03 14:33:26 | Deep Dive |
| CVE-2025-9824 | User Enumeration via Response Timing | Mautic | Mautic | Medium | 5.9 | 2025-09-03 14:25:07 | Deep Dive |
| CVE-2025-9822 | Secret data extraction via elfinder | Mautic | Mautic | Medium | 5.5 | 2025-09-03 13:55:13 | Deep Dive |
| CVE-2025-9821 | SSRF via webhook function | Mautic | Mautic | Low | 2.7 | 2025-09-03 09:39:01 | Deep Dive |
| CVE-2025-7381 | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images | mautic | Docker Mautic | Medium | 5.3 | 2025-07-09 15:16:37 | Deep Dive |
| CVE-2025-5256 | Open Redirect vulnerability on user unlock path | Mautic | Mautic | Medium | 5.4 | 2025-05-28 17:47:06 | Deep Dive |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check | Mautic | Mautic | Medium | 4.3 | 2025-05-28 17:34:32 | Deep Dive |
| CVE-2024-47057 | User name enumeration possible due to response time difference on password reset form | Mautic | Mautic | Medium | 5.3 | 2025-05-28 17:23:53 | Deep Dive |
| CVE-2024-47056 | Mautic does not shield .env files from web traffic | Mautic | Mautic | Medium | 5.1 | 2025-05-28 16:24:57 | Deep Dive |
| CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | Mautic | Mautic | Medium | 6.5 | 2025-05-28 16:17:54 | Deep Dive |
| CVE-2024-47051 | Remote Code Execution & File Deletion in Asset Uploads | Mautic | mautic/core | Critical | 9.1 | 2025-02-26 12:01:26 | Deep Dive |
| CVE-2024-47053 | Improper Authorization in Reporting API | Mautic | mautic/core | High | 7.7 | 2025-02-26 11:54:17 | Deep Dive |
| CVE-2022-25773 | Relative Path Traversal in assets file upload | Mautic | mautic/core | Medium | 4.3 | 2025-02-26 11:48:33 | Deep Dive |
| CVE-2022-25770 | Insufficient authentication in upgrade flow | Mautic | Mautic | High | 7.8 | 2024-09-18 21:26:34 | Deep Dive |
| CVE-2024-47059 | Users enumeration - weak password login | Mautic | Mautic | Medium | 4.3 | 2024-09-18 21:19:27 | Deep Dive |
| CVE-2021-27917 | XSS in contact tracking and page hits report | Mautic | Mautic | High | 7.3 | 2024-09-18 21:09:10 | Deep Dive |
| CVE-2024-47050 | XSS in contact/company tracking (no authentication) | Mautic | Mautic | Medium | 5.4 | 2024-09-18 21:04:47 | Deep Dive |