VYPR
Vendor

Knadh

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2026-34828HigApr 2, 2026
    risk 0.39cvss 7.1epss 0.00

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically…

  • CVE-2026-34584MedApr 2, 2026
    risk 0.28cvss 5.4epss 0.00

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists (which they don't have access to) under different scenarios. This…

  • CVE-2026-21483Jan 2, 2026
    risk 0.00cvss epss 0.00

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or…

  • CVE-2025-58430Sep 9, 2025
    risk 0.00cvss epss 0.00

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend, removing `nonce`…

  • CVE-2025-49136Jun 9, 2025
    risk 0.00cvss epss 0.01

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a…

  • CVE-2025-46011Jun 4, 2025
    risk 0.00cvss epss 0.00

    Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.