Description CVE Affected Versions Date
Race condition CVE-2025-48880 < 1.8.181 2025-05-15
Stored XSS [8] CVE-2025-48875 < 1.8.180 2025-05-15
Stored XSS [6] CVE-2025-48488 < 1.8.180 2025-05-15
Stored XSS [4] CVE-2025-48488 < 1.8.180 2025-05-15
Stored XSS [4] CVE-2025-48486 < 1.8.180 2025-05-15
Stored XSS [7] CVE-2025-48489 < 1.8.180 2025-05-15
Stored XSS [6] CVE-2025-48488 < 1.8.180 2025-05-15
Stored XSS [5] CVE-2025-48487 < 1.8.180 2025-05-15
Stored XSS [4] CVE-2025-48486 < 1.8.180 2025-05-15
Stored XSS [3] CVE-2025-48485 < 1.8.180 2025-05-15
Stored XSS [2] CVE-2025-48484 < 1.8.178 2025-05-15
Stored XSS leads to CSRF [1] CVE-2025-48483 < 1.8.180 2025-05-14
Business Logic Errors [7] CVE-2025-48482 < 1.8.180 2025-05-14
Business Logic Errors [6] CVE-2025-48481 < 1.8.180 2025-05-14
Business Logic Errors [4] CVE-2025-48479 < 1.8.180 2025-05-14
Business Logic Errors [5] CVE-2025-48480 < 1.8.180 2025-05-14
Business Logic Errors [3] CVE-2025-48478 < 1.8.180 2025-05-14
Business Logic Errors [2] CVE-2025-48477 < 1.8.180 2025-05-14
Business Logic Errors [1] CVE-2025-48474 < 1.8.180 2025-05-14
Insufficient authorization [3] CVE-2025-48474 < 1.8.180 2025-05-14
Insufficient authorization [4] CVE-2025-48475 < 1.8.179 2025-05-14
Insufficient authorization [1] CVE-2025-48473 < 1.8.179 2025-05-14
Insufficient authorization [1] CVE-2025-48472 < 1.8.179 2025-05-14
Arbitrary file upload CVE-2025-48471 < 1.8.179 2025-05-14
Remote Code Execution (RCE) CVE-2025-48390 < 1.8.178 2025-05-14
Deserialization of untrusted data CVE-2025-48389 < 1.8.178 2025-05-14
Insufficient Protection Against CRLF-injection CVE-2025-48388 < 1.8.178 2025-05-14
Prototype Pollution in getQueryParam Function (URL Query Parser) CVE-2024-34698 < 1.8.139 2024-05-03
Stored HTML Injection in Editing Received Emails CVE-2024-34697 < 1.8.139 2024-05-02
Stored XSS to Privilege Escalation After CSP Bypass CVE-2024-29184 < 1.8.128 2024-03-15
OS Command Injection CVE-2024-29185 < 1.8.128 2024-03-15
SMTP Mail Credentials Disclosed in Error Log CVE-2024-28186 < 1.8.124 2024-03-04
Unrestricted File Upload Led to Cross-Site Scripting CVE-2024-1932 < 1.8.101 2024-02-28