CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

RedhatCVE•added 2026/05/09 2:21 a.m.•10 views

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS

Exploits0References1

NVD•added 2026/05/07 8:16 p.m.•10 views

CVE-2026-42259

5.1CVSS0.00339EPSS

Exploits0References1

CVE•added 2026/05/07 6:54 p.m.•15 views

CVE-2026-42259

Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.

5.1CVSS5.7AI score0.00339EPSS

Exploits0References1

Vulnrichment•added 2026/05/07 6:54 p.m.•6 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

5.1CVSS5.7AI score0.00339EPSS

Exploits0References1

EUVD•added 2026/05/07 6:54 p.m.•9 views

EUVD-2026-28431

5.1CVSS5.7AI score0.00339EPSS

Exploits0References1

Cvelist•added 2026/05/07 6:54 p.m.•34 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

5.1CVSS0.00339EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 6:54 p.m.•5 views

CVE-2026-42259

5.1CVSS5.7AI score0.00339EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/07 12:0 a.m.•8 views

Saltcorn 输入验证错误漏洞

Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn developers. Vulnerabilities existed in versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5, due to input validation errors. These vulnerabilities stemmed from the dest parameter validation...

5.1CVSS5.8AI score0.00339EPSS

Exploits0References2

NVD•added 2026/04/24 9:16 p.m.•2 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS0.00264EPSS

Exploits0References1

Vulnrichment•added 2026/04/24 8:52 p.m.•0 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

9.9CVSS5.8AI score0.00264EPSS

Exploits0References1

Cvelist•added 2026/04/24 8:52 p.m.•29 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

9.9CVSS0.00264EPSS

Exploits0References1

EUVD•added 2026/04/24 8:52 p.m.•3 views

EUVD-2026-25633

9.9CVSS5.9AI score0.00264EPSS

Exploits0References1

ATTACKERKB•added 2026/04/24 8:52 p.m.•4 views

CVE-2026-41478

9.9CVSS5.9AI score0.00264EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/24 8:52 p.m.•11 views

CVE-2026-41478

CVE-2026-41478 summary (Saltcorn). Saltcorn prior to 1.4.6, 1.5.6, and 1.6.0-beta.5 contains a SQL injection in the mobile-sync endpoints that can be triggered by an authenticated, low-privilege user with read access to at least one table. The vulnerability allows injection of arbitrary SQL via s...

9.9CVSS5.9AI score0.00264EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/24 12:0 a.m.•10 views

Saltcorn SQL注入漏洞

Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn. Versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5 have a SQL injection vulnerability. This vulnerability stems from the SQL injection in Saltcorn’s mobile-sync routing mechanism, allowi...

9.9CVSS6AI score0.00264EPSS

Exploits0References2

Positive Technologies•added 2026/04/24 12:0 a.m.•5 views

PT-2026-35085

9.9CVSS5.9AI score0.00264EPSS

Exploits0References2

vulnersOsv•added 2026/04/22 2:31 p.m.•27 views

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

5.8AI score

Exploits0

vulnersOsv•added 2026/04/22 2:31 p.m.•5 views

@christianhugo/mobile-builder (>=0.7.3-beta.3 <=0.7.4-beta.9), @christianhugoch/cli (>=0.7.2-beta.12 <=0.7.2-beta.13) +95 more potentially affected by unknown CVE via @saltcorn/data (>=0.0.2 <=1.4.3)

@saltcorn/data NPM version =0.0.2, =0.7.3-beta.3, =0.7.2-beta.12, =0.1.0, =0.0.1, =1.0.0, =0.1.4, =0.6.4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =1.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

5.5AI score

Exploits0

vulnersOsv•added 2026/04/22 2:31 p.m.•5 views

@saltcorn/admin-models (>=1.0.0 <=1.4.3), @saltcorn/base-plugin (>=1.0.0 <=1.4.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.0.0-beta.0 <=1.4.3)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score

Exploits0

vulnersOsv•added 2026/04/22 2:31 p.m.•5 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by