Description | CVE | Affected Versions | Date |
---|---|---|---|
Prototype Pollution in getQueryParam Function (URL Query Parser) | CVE-2024-34698 | < 1.8.139 | 2024-05-03 |
Stored HTML Injection in Editing Received Emails | CVE-2024-34697 | < 1.8.139 | 2024-05-02 |
Stored XSS to Privilege Escalation After CSP Bypass | CVE-2024-29184 | < 1.8.128 | 2024-03-15 |
OS Command Injection | CVE-2024-29185 | < 1.8.128 | 2024-03-15 |
SMTP Mail Credentials Disclosed in Error Log | CVE-2024-28186 | < 1.8.124 | 2024-03-04 |
Unrestricted File Upload Led to Cross-Site Scripting | CVE-2024-1932 | < 1.8.101 | 2024-02-28 |