CVE-2026-54721 - Remote code execution via userforms email subject

PKSA-g6zg-78xs-c8r8 CVE-2026-54721

Affected version: <6.4.9|>=7.0.0,<7.0.7|>=7.1.0,<7.1.1

Reported by:
FriendsOfPHP/security-advisories

[HIGH] SilverStripe Folders migrated from 3.x may be unsafe to upload to

PKSA-rfdt-9jwp-6pz9 CVE-2020-9280 GHSA-592m-4533-rxq9

Affected version: >=5.0.0,<5.4.2

Reported by:
GitHub

[MEDIUM] SS-2015-018: File upload exposure on UserForms module

PKSA-n971-jkw6-mzjw GHSA-55pp-293f-3365

Affected version: <3.0.0

Reported by:
GitHub, FriendsOfPHP/security-advisories