All 3 CVE vulnerabilities found in saltcorn, with AI-generated Chinese analysis, references, and POCs.
Vendor: saltcorn

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41478 | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) | CWE-89 | 10.0 | Critical | 2026-04-24 |
| CVE-2026-40163 | Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read | CWE-22 | 8.2 | High | 2026-04-10 |
| CVE-2024-47818 | Logged-in users with any role can delete arbitrary files in @saltcorn/server | CWE-22 | 6.5 | Medium | 2024-10-07 |