CVE-2024-55555 — Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's reposit — CVE Database · The Intelligence Room