Below are listed all the CVEs I have discovered and reported.
+-----------------------+----------------------------------------------------+ | CVE ID | Technical description | +-----------------------+----------------------------------------------------+ | CVE-2026-30993 | The application lacks input sanitization for | | | parameters passed to the eval() function on line | | | 62. By supplying a specific key, an attacker can | | | inject malicious payloads, leading to full Remote | | | Code Execution (RCE). | +-----------------------+----------------------------------------------------+
Note: certain CVEs are still in the verification process due to MITRE's response time or the vendor's 90-day responsible disclosure period.
This list is constantly updated.