CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing JavaScript. Depending on the deployment strategy, these...
Server-side Request Forgery (SSRF)
Overview: Ghost is a publishing platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the media inliner component. An attacker can access internal resources by sending crafted requests through the API while authenticated as a staff user. Remediation: Upgra...
CVE-2025-10692
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user (level ≥ 1) can inject SQL to alter the filter logic, effectively bypassing department scoping...