web/security: add CVEs for 2.4.2, 2.3.4, 2.2.9 and 1.2.9