| Description | CVE | Affected Versions | Date |
|---|---|---|---|
| Prototype Pollution in getQueryParam Function (URL Query Parser) | CVE-2024-34698 | < 1.8.139 | 2024-05-03 |
| Stored HTML Injection in Editing Received Emails | CVE-2024-34697 | < 1.8.139 | 2024-05-02 |
| Stored XSS to Privilege Escalation After CSP Bypass | CVE-2024-29184 | < 1.8.128 | 2024-03-15 |
| OS Command Injection | CVE-2024-29185 | < 1.8.128 | 2024-03-15 |
| SMTP Mail Credentials Disclosed in Error Log | CVE-2024-28186 | < 1.8.124 | 2024-03-04 |
| Unrestricted File Upload Led to Cross-Site Scripting | CVE-2024-1932 | < 1.8.101 | 2024-02-28 |