Browse all 6 CVE security advisories affecting gitroomhq. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS — postiz-appCWE-79 | 8.9 | High | 2026-04-18 |
| CVE-2026-40168 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream — postiz-appCWE-918 | 8.2 | High | 2026-04-10 |
| CVE-2026-34590 | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation — postiz-appCWE-918 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check — postiz-appCWE-918 | 8.6 | High | 2026-04-02 |
| CVE-2026-34576 | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata — postiz-appCWE-918 | 6.5AI | MediumAI | 2026-04-02 |
| CVE-2025-53641 | Postiz allows header mutation in middleware facilitates resulting in SSRF — postiz-appCWE-918 | 8.2 | High | 2025-07-11 |
This page lists every published CVE security advisory associated with gitroomhq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.