Vulnerabilities in knadh
5 resultsCVE-2025-49136CRITICALlistmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege userEPSS 0.9%CVE-2026-34828HIGHlistmonk: Active sessions remain valid after password reset and password changeEPSS 0.3%CVE-2026-21483MEDIUMlistmonk Vulnerable to Stored XSS Leading to Admin Account TakeoverEPSS 0.2%CVE-2026-34584MEDIUMlistmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)EPSS 0.2%CVE-2025-58430HIGHlistmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account TakeoverEPSS 0.1%