- [CVE-2025-6533] Captcha Replay
The login function fails to invalidate the captcha after one use. This allows an attacker to replay a valid captcha to bypass brute-force protection.
- [CVE-2025-6535] SQLI in User List
A critical SQL injection vulnerability in the user list endpoint allows authenticated attackers to exfiltrate sensitive user data, including password hashes.
- [CVE-2025-6534] Arbitrary File Deletion
A missing authorization check in the file deletion function allows any authenticated user to delete any file on the system by its ID.