Company
Date Published
Author
Paul Gerste
Word count
1989
Language
English
Hacker News points
None

Summary

Three vulnerabilities were discovered in NodeBB 1.18.4: a Path Traversal vulnerability that allows attackers to read arbitrary JSON files, a wormable Cross-Site Scripting (XSS) attack that can spread from user to user, and an API Authentication Bypass that enables Remote Code Execution on the server. The NodeBB maintainers have implemented patches for these vulnerabilities, which are available in version 1.18.5. Updating to this version as soon as possible is recommended because of the severity of the API authentication bypass vulnerability.