CVE-2026-42259
- EPSS 0.34%
- Published 07.05.2026 18:54:57
- Last modified 08.05.2026 23:16:36
Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compli...
CVE-2026-41478
- EPSS 0.26%
- Published 24.04.2026 20:52:30
- Last modified 28.04.2026 14:58:44
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at l...
CVE-2026-40163
- EPSS 0.33%
- Published 10.04.2026 17:07:49
- Last modified 27.04.2026 13:36:14
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json...