Every CVE whose affected-product data names Nadh Listmonk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-49136 — CVSS 9.0 (critical): listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env`…
CVE-2026-34828 — CVSS 7.1 (high): listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session…
CVE-2025-46011 — CVSS 6.5 (medium): Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate…
CVE-2025-58430 — CVSS 6.1 (medium): listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in…
CVE-2026-21483 — CVSS 5.4 (medium): listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign…
CVE-2026-34584 — CVSS 5.4 (medium): listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list…