Version 10.0.1

SMB User Authentication Bypass
Stored XSS in CardDAV image export
Reflected XSS in Gallery application
Content-Spoofing in "files" app
Content-Spoofing in "dav" app

Version 10.0.0

Improper authorization check on removing shares

Version 9.0.54

SMB User Authentication Bypass
Improper authorization check on removing shares
Content-Spoofing in "files" app
Content-Spoofing in "dav" app

Version 9.0.52

Stored XSS in "gallery" application
Log pollution can potentially lead to local HTML injection
Content-Spoofing in "files" app
Edit permission check not enforced on WebDAV COPY action
Read-only share recipient can restore old versions of file