VIR Vulnerability Intelligence Relay

Package impact

npm npm / @saltcorn/server

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41478 critical 9.9 9.9 1mo ago Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
CVE-2026-42259 medium 5.5 27d ago Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
CVE-2026-40163 unknown 2mo ago Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read
CVE-2024-47818 unknown 2y ago Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability