CVE-2026-46622 SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...