Vulnerabilities in SolidInvoice

2 results

CVE-2026-46489HIGHSolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logoEPSS 0.3%CVE-2026-46622HIGHSolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breachEPSS 0.2%