Browse all 3 CVE security advisories affecting saltcorn. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41478 | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) — saltcornCWE-89 | 10.0 | Critical | 2026-04-24 |
| CVE-2026-40163 | Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read — saltcornCWE-22 | 8.2 | High | 2026-04-10 |
| CVE-2024-47818 | Logged-in users with any role can delete arbitrary files in @saltcorn/server — saltcornCWE-22 | 6.5 | Medium | 2024-10-07 |
This page lists every published CVE security advisory associated with saltcorn. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.