Authenticated (Contributor+) Stored CrossSite Scripting via Inline SVG vulnerability
16 May, 2025
Cross Site Scripting (XSS) Vulnerability
7 May, 2025
Unauthenticated PHP Object Injection via PHAR vulnerability
25 April, 2025
Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) vulnerability
31 January, 2025
Authenticated (Contributor+) Arbitrary File Read vulnerability
31 January, 2025