CVE-2026-46622
SolidInvoice before v2.3.17 stores API tokens in plaintext in the api_tokens database table. If an attacker gains read access to the database (e.g., via SQL injection, leaked backups, misconfigured replicas, or insider access), they can immediately obtain all API credentials for every user with n...