Hi Ancorn, there are a few (already known) exploits on internal pages that required a valid username / password to exploit. The exploits are for version 0.9.7. These are already documented in the Security.MD file in the github repository. https://github.com/opencats/OpenCATS/blob/master/Security.MD#...