Medium
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Medium
CVE-2025-63083
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Critical
CVE-2025-25226
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…
High
CVE-2025-25227
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Medium
CVE-2024-40747
Various module chromes didn't properly process inputs, leading to XSS vectors.
High
CVE-2024-40749
Improper Access Controls allows access to protected views.