Lucene search
+L

118 matches found

RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.15 views

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 8:16 p.m.13 views

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 6:54 p.m.49 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 6:54 p.m.13 views

EUVD-2026-28431

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:54 p.m.7 views

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 6:54 p.m.7 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 6:54 p.m.19 views

CVE-2026-42259

Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 6:54 p.m.4 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.9AI score0.00339EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Saltcorn 输入验证错误漏洞

Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn developers. Vulnerabilities existed in versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5, due to input validation errors. These vulnerabilities stemmed from the dest parameter validation...

5.1CVSS5.8AI score0.00339EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 9:16 p.m.5 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 8:52 p.m.17 views

CVE-2026-41478

CVE-2026-41478 summary (Saltcorn). Saltcorn prior to 1.4.6, 1.5.6, and 1.6.0-beta.5 contains a SQL injection in the mobile-sync endpoints that can be triggered by an authenticated, low-privilege user with read access to at least one table. The vulnerability allows injection of arbitrary SQL via s...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 8:52 p.m.4 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.8AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 8:52 p.m.34 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 8:52 p.m.6 views

EUVD-2026-25633

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 8:52 p.m.2 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS6.1AI score0.00264EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:52 p.m.7 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35085

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

Saltcorn SQL注入漏洞

Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn. Versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5 have a SQL injection vulnerability. This vulnerability stems from the SQL injection in Saltcorn’s mobile-sync routing mechanism, allowi...

9.9CVSS6AI score0.00264EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.8 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.40 views

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-alpha.17) potentially affected by unknown CVE via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-16318352...

5.8AI score
Exploits0
Rows per page
Query Builder