1. PostGrid API Security Flaw: Unfiltered HTML Injection Risks Physical Postcard Abuse
A critical security vulnerability in the PostGrid integration code allows unvalidated user HTML to be printed directly onto physical postcards. The flaw, identified in the backend's postcard and draft handling routes, passes raw `frontHTML` and `backHTML` from user requests directly to the PostGrid API without sanitiza...
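The missing control, as an added example that is not the project's own code: an allowlist filter applied to `frontHTML` and `backHTML` before the request body is forwarded to the print API. The page does not name the backend's language, so Python is used here, and the tag allowlist, the size limit and the function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not from the page): basic text markup only, no attributes.
ALLOWED = {"p", "br", "b", "i", "strong", "em", "h1", "h2", "div", "span", "ul", "ol", "li"}
# Elements whose content is discarded together with the tag.
DROP_CONTENT = {"script", "style", "iframe", "object", "embed", "svg", "template"}
MAX_LEN = 20_000  # assumed per-side size limit

class _Allowlist(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            self.out.append(f"<{tag}>")  # every attribute is dropped
            if tag != "br":
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            while True:  # close inner tags left open, then this one
                inner = self.open_tags.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped

def sanitize_html(markup):
    parser = _Allowlist()
    parser.feed(markup)
    parser.close()
    closers = [f"</{t}>" for t in reversed(parser.open_tags)]
    return "".join(parser.out + closers)

def sanitize_postcard_fields(body):
    """Return a copy of the request body with both postcard sides sanitized."""
    clean = dict(body)
    for field in ("frontHTML", "backHTML"):
        value = body.get(field)
        if not isinstance(value, str) or len(value) > MAX_LEN:
            raise ValueError(f"{field} must be a string of at most {MAX_LEN} characters")
        clean[field] = sanitize_html(value)
    return clean
```

An unclosed element from `DROP_CONTENT` suppresses everything after it, so malformed input fails closed rather than leaking markup into the printed card.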