2 matches found
CVE-2021-40347
CVE-2021-40347 affects GNU Mailman Postorius (views/list.py) in versions before 1.3.5. An authenticated attacker can send a crafted POST request to unsubscribe any user from a mailing list and can reveal whether that address was subscribed. Remediation: upgrade Postorius to 1.3.5 or ne...
CVE-2026-44742
CVE-2026-44742 affects Postorius up to version 1.3.13. The message subject is not HTML-escaped when rendered in the Held messages pop-up, enabling HTML-injection-like rendering, and the issue is noted as “exploited in the wild in May 2026.” The provided sources confirm the affected software and t...