Lucene search
+L

78 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-62361

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS0.00239EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References5
CVE
CVE
added 3 days ago7 views

CVE-2026-62361

CVE-2026-62361 affects listmonk prior to version 6.2.0. The vulnerability arises in the GET /api/subscribers/export endpoint, which injects a user-controlled query parameter into QuerySubscribersForExport without calling validateQueryTables, unlike GET /api/subscribers. An authenticated user with...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.8 views

listmonk Admin Authentication / Password Flow Security Assessment Module

This Metasploit auxiliary module is a web application security testing tool designed to evaluate authentication and password management logic in a Listmonk admin panel deployment...

5.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.7 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.11 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS5.8AI score0.003EPSS
Exploits2References1
NVD
NVD
added 2026/04/02 6:16 p.m.8 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS0.003EPSS
Exploits2References3
NVD
NVD
added 2026/04/02 6:16 p.m.8 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:32 p.m.4 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS5.8AI score0.003EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:32 p.m.23 views

CVE-2026-34828 listmonk: Active sessions remain valid after password reset and password change

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS0.003EPSS
Exploits2References3
CVE
CVE
added 2026/04/02 5:32 p.m.17 views

CVE-2026-34828

CVE-2026-34828 affects listmonk, a standalone self-hosted newsletter manager. A session-management vulnerability in versions 4.1.0 up to, but not including, 6.1.0 allows already-authenticated sessions to remain valid after password reset or password change, enabling an attacker with a valid sessi...

7.1CVSS5.8AI score0.003EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 5:32 p.m.3 views

CVE-2026-34828 listmonk: Active sessions remain valid after password reset and password change

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS5.8AI score0.003EPSS
Exploits2References3
OSV
OSV
added 2026/04/02 5:32 p.m.3 views

CVE-2026-34828 listmonk: Active sessions remain valid after password reset and password change

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1CVSS5.9AI score0.003EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/04/02 5:31 p.m.3 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 5:31 p.m.20 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 5:31 p.m.5 views

EUVD-2026-18450

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:31 p.m.5 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/02 5:31 p.m.11 views

CVE-2026-34584

The CVE affects listmonk (standalone, self-hosted newsletter/mailing list app). From version 4.1.0 up to, but not including, 6.1.0, bugs in list permission checks allow users in multi-user environments to access lists they should not access. This could expose restricted lists under different scen...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

listmonk 安全漏洞

ListMonk is a high-performance, self-hosted newsletter and mailing list manager developed by Kailash Nadh. Versions of ListMonk from 4.1.0 to 6.1.0 had security vulnerabilities due to defects in list permission checks. These vulnerabilities could allow users in multi-user environments to access...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References3
Rows per page
Query Builder