[MEDIUM] Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

PKSA-wm5r-h6h3-m2pf CVE-2025-27794 GHSA-hg9j-64wp-m9px

Affected version: <1.8.10

Reported by:
GitHub

[MEDIUM] Flarum's logout Route allows open redirects

PKSA-t2c9-4b54-wr9g CVE-2024-21641 GHSA-733r-8xcp-w9mr

Affected version: <1.8.5

Reported by:
GitHub

[HIGH] Flarum vulnerable to LFI and Blind SSRF via Avatar upload

PKSA-gy61-rznj-1v67 CVE-2023-40033 GHSA-67c6-q4j4-hccg

Affected version: <1.8.0

Reported by:
GitHub