CVE-2026-21483
- EPSS 0.01%
- Veröffentlicht 02.01.2026 20:57:29
- Zuletzt bearbeitet 25.02.2026 15:20:58
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user ...
CVE-2025-58430
- EPSS 0.02%
- Veröffentlicht 09.09.2025 19:37:45
- Zuletzt bearbeitet 10.10.2025 21:49:03
listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the ba...
CVE-2025-49136
- EPSS 41.27%
- Veröffentlicht 09.06.2025 16:21:48
- Zuletzt bearbeitet 11.07.2025 17:23:30
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on ...
CVE-2025-46011
- EPSS 0.07%
- Veröffentlicht 04.06.2025 00:00:00
- Zuletzt bearbeitet 15.10.2025 17:54:53
Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.