2 matches found
PT-2025-24526 · Sprig +1
Name of the Vulnerable Software and Affected Versions: Listmonk versions 4.0.0 through 5.0.2
Description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager. The env and expandenv template functions, enabled by default in Sprig, allow capturing of environment variables on...
GHSA-4G82-3JCR-Q52W · Malware in ctx
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query...