Mautic — Vulnerabilities & Security Advisories 40

Browse all 40 CVE security advisories affecting Mautic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Mautic: Mautic, mautic/core, Docker Mautic
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3105 | SQL Injection in Contact Activity API Sorting | Mautic | CWE-89 | 7.6 | High | 2026-02-24 |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | Mautic | CWE-862 | 7.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | Mautic | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-9823 | Reflected XSS in lead:addLeadTags - Quick Add | Mautic | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-03 |
| CVE-2025-9824 | User Enumeration via Response Timing | Mautic | CWE-204 | 5.9 | Medium | 2025-09-03 |
| CVE-2025-9822 | Secret data extraction via elfinder | Mautic | CWE-283 | 5.5 | Medium | 2025-09-03 |
| CVE-2025-9821 | SSRF via webhook function | Mautic | CWE-918 | 2.7 | Low | 2025-09-03 |
| CVE-2025-7381 | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images | Docker Mautic | CWE-497 | 5.3 | Medium | 2025-07-09 |
| CVE-2025-5256 | Open Redirect vulnerability on user unlock path | Mautic | CWE-601 | 5.4 | Medium | 2025-05-28 |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check | Mautic | CWE-862 | 4.3 | Medium | 2025-05-28 |
| CVE-2024-47057 | User name enumeration possible due to response time difference on password reset form | Mautic | CWE-203 | 5.3 | Medium | 2025-05-28 |
| CVE-2024-47056 | Mautic does not shield .env files from web traffic | Mautic | CWE-312 | 5.1 | Medium | 2025-05-28 |
| CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | Mautic | CWE-1284 | 6.5 | Medium | 2025-05-28 |
| CVE-2024-47051 | Remote Code Execution & File Deletion in Asset Uploads | mautic/core | CWE-23 | 9.1 | Critical | 2025-02-26 |
| CVE-2024-47053 | Improper Authorization in Reporting API | mautic/core | CWE-285 | 7.7 | High | 2025-02-26 |
| CVE-2022-25773 | Relative Path Traversal in assets file upload | mautic/core | CWE-22 | 4.3 | Medium | 2025-02-26 |
| CVE-2022-25770 | Insufficient authentication in upgrade flow | Mautic | CWE-306 | 7.8 | High | 2024-09-18 |
| CVE-2024-47059 | Users enumeration - weak password login | Mautic | CWE-200 | 4.3 | Medium | 2024-09-18 |
| CVE-2021-27917 | XSS in contact tracking and page hits report | Mautic | CWE-79 | 7.3 | High | 2024-09-18 |
| CVE-2024-47050 | XSS in contact/company tracking (no authentication) | Mautic | CWE-79 | 5.4 | Medium | 2024-09-18 |
| CVE-2024-47058 | Cross-site Scripting (XSS) - stored (edit form HTML field) | Mautic | CWE-79 | 2.9 | Low | 2024-09-18 |
| CVE-2022-25768 | Improper Access Control in UI upgrade process | Mautic | CWE-287 | 7.0 | High | 2024-09-18 |
| CVE-2022-25777 | Server-Side Request Forgery in Asset section | Mautic | CWE-918 | 6.5 | Medium | 2024-09-18 |
| CVE-2022-25776 | Sensitive Data Exposure due to inadequate user permission settings | Mautic | CWE-276 | 8.3 | High | 2024-09-18 |
| CVE-2022-25775 | SQL Injection in dynamic Reports | Mautic | CWE-89 | 6.6 | Medium | 2024-09-18 |
| CVE-2022-25774 | XSS in Notifications via saving Dashboards | Mautic | CWE-79 | 4.8 | Medium | 2024-09-18 |
| CVE-2022-25769 | Improper regex in htaccess file | Mautic | CWE-1284 | 7.2 | High | 2024-09-18 |
| CVE-2021-27916 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | Mautic | CWE-22 | 8.1 | High | 2024-09-17 |
| CVE-2021-27915 | XSS Cross-site Scripting Stored (XSS) - Description field | Mautic | CWE-80 | 7.6 | High | 2024-09-17 |
| CVE-2024-3448 | Improper Access Control Leads to Server-Side Request Forgery in Mautic | Mautic | CWE-918 | 5.0 | Medium | 2024-04-10 |

This page lists every published CVE security advisory associated with Mautic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.