WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
Strapi version 3.0.0-beta.17.7 authenticated remote code execution exploit.
530b0d45ba96774f13af16553dc2fa1a5181ccdae3f20c8c95c0d51b69121a3e