CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-24913

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://jvn.jp/en/jp/JVN33581068/
https://oss.icz.co.jp/news/?p=1386

Products affected by CVE-2026-24913

Icz » Matcha Invoice » Version: Any

cpe:2.3:a:icz:matcha_invoice:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24913

Products

Pricing

Contact Us