The vulnerabilities are described in detail on my blog here: https://conduition.io/code/mercury-disclosure/