PatchSiren

LimeSurvey CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH LimeSurvey CVE published 2026-06-09

CVE-2026-50636

CVE-2026-50636 is a HIGH-severity vulnerability in LimeSurvey's RemoteControl API. The invite_participants and remind_participants methods are susceptible to SQL injection due to improper handling of user-supplied token-ID arrays. An authenticated attacker with the tokens/update permission can inject malicious SQL, enabling arbitrary data reads and writes across the database, including sensitive informati [truncated]
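The pattern described above, as an added illustration that is not LimeSurvey's code and not part of the PatchSiren summary: a token-ID array is turned into a SQL IN list. The table and column names, the assumption that the array is interpolated directly into the IN list, and the hostile element are all constructed for this example; the advisory does not state the exact query shape.

```python
import re
import sqlite3

# Constructed in-memory schema standing in for a survey's participant (token)
# table and an unrelated table holding secrets. Table and column names are
# assumptions for this illustration, not LimeSurvey's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tokens (tid INTEGER PRIMARY KEY, email TEXT, sent TEXT)")
    conn.executemany(
        "INSERT INTO tokens VALUES (?, ?, ?)",
        [(1, "a@example.org", "N"), (2, "b@example.org", "N"), (3, "c@example.org", "Y")],
    )
    conn.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'hash-of-admin-password')")
    conn.commit()
    return conn


def select_tokens_unsafe(conn, token_ids):
    # Vulnerable pattern (assumed for illustration): the caller-supplied array is
    # joined straight into the IN list, so any element that is not a bare
    # integer becomes part of the SQL statement itself.
    in_list = ",".join(str(t) for t in token_ids)
    sql = f"SELECT tid, email FROM tokens WHERE tid IN ({in_list})"
    return conn.execute(sql).fetchall()


_TOKEN_ID = re.compile(r"[0-9]{1,18}")


def select_tokens_safe(conn, token_ids):
    # Hardened form: every element must be a non-negative integer (digit-only
    # strings are accepted because RPC clients commonly send them), anything
    # else is rejected before any SQL is built, and the query uses one
    # placeholder per element so the values never become SQL text.
    ids = []
    for t in token_ids:
        if isinstance(t, bool):
            raise ValueError(f"invalid token id: {t!r}")
        if isinstance(t, int):
            if t < 0:
                raise ValueError(f"invalid token id: {t!r}")
            ids.append(t)
        elif isinstance(t, str) and _TOKEN_ID.fullmatch(t):
            ids.append(int(t))
        else:
            raise ValueError(f"invalid token id: {t!r}")
    if not ids:
        return []
    placeholders = ",".join("?" for _ in ids)
    sql = f"SELECT tid, email FROM tokens WHERE tid IN ({placeholders}) ORDER BY tid"
    return conn.execute(sql, ids).fetchall()


# Constructed hostile element: closes the IN list and appends a UNION that reads
# a different table, balancing the trailing parenthesis with its own WHERE clause.
HOSTILE_IDS = ["1) UNION SELECT uid, password FROM users WHERE (1=1"]


def main():
    conn = make_db()
    print(select_tokens_unsafe(conn, [1, 2]))       # legitimate call works either way
    print(select_tokens_safe(conn, [1, "2"]))
    print(select_tokens_unsafe(conn, HOSTILE_IDS))  # leaks a row from users
    try:
        select_tokens_safe(conn, HOSTILE_IDS)
    except ValueError as exc:
        print("rejected:", exc)


if __name__ == "__main__":
    main()
```

The point worth taking from this for an API that accepts arrays: validate the element type before building the statement, and bind each element as a parameter. Escaping the joined string is not a substitute, because the vulnerable form treats the whole array as SQL syntax rather than as values.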

HIGH LimeSurvey CVE published 2026-06-09

CVE-2026-50635

CVE-2026-50635 is a HIGH-severity vulnerability in LimeSurvey, a widely used open-source survey application. The issue arises from LimeSurvey's insecure handling of the HTTP Host header when generating password reset links. Specifically, the software constructs these links without proper validation of the Host header, which is supplied by the client. This oversight enables a remote, unauthenticated attacker to s [truncated]
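The link-construction flaw described above, as an added illustration that is not LimeSurvey's code and not part of the PatchSiren summary: one function copies the origin of the reset link from the client-controlled Host header, the other takes it from configuration and rejects requests whose Host is not on an allowlist. The public base URL, the allowlist, the reset path and the request headers are all constructed for this example.

```python
from urllib.parse import urlencode, urlsplit

# Constructed configuration for this illustration (not LimeSurvey's settings):
# the canonical public origin of the application and the Host values it is
# willing to serve. The reset path is likewise assumed.
PUBLIC_BASE_URL = "https://survey.example.org"
ALLOWED_HOSTS = {"survey.example.org", "survey.example.org:443"}
RESET_PATH = "/password/reset"


def reset_link_unsafe(headers, token):
    # Vulnerable pattern (assumed for illustration): the link origin is copied
    # from the client-controlled Host header. Whoever submits the reset request
    # for a victim's account chooses the host the victim's reset token is sent
    # to when the emailed link is clicked.
    host = headers.get("Host", "")
    return f"https://{host}{RESET_PATH}?{urlencode({'token': token})}"


def is_trusted_host(headers):
    # Allowlist check: compare the normalised Host value against the hosts this
    # deployment is configured to serve.
    host = headers.get("Host", "").strip().lower()
    return host in ALLOWED_HOSTS


def reset_link_safe(headers, token):
    # Hardened form: the origin comes from configuration, never from the request,
    # and a request with an unexpected Host is refused outright rather than
    # silently rewritten, so poisoning attempts surface in logs.
    if not is_trusted_host(headers):
        raise ValueError(f"unexpected Host header: {headers.get('Host')!r}")
    return f"{PUBLIC_BASE_URL}{RESET_PATH}?{urlencode({'token': token})}"


def link_host(url):
    # Helper for inspecting which host a generated link points at.
    return urlsplit(url).hostname


def main():
    # Constructed request headers: the second set is what an attacker would send.
    legit = {"Host": "survey.example.org"}
    poisoned = {"Host": "attacker.example.net"}
    print(reset_link_unsafe(legit, "t0k3n"))
    print(reset_link_unsafe(poisoned, "t0k3n"))   # token would be sent to attacker's host
    print(reset_link_safe(legit, "t0k3n"))
    try:
        reset_link_safe(poisoned, "t0k3n")
    except ValueError as exc:
        print("rejected:", exc)


if __name__ == "__main__":
    main()
```

When the application runs behind a reverse proxy, the value it sees as Host may come from the proxy rather than the browser, and forwarded-host headers can reintroduce the same problem; the configured base URL is the only origin that should ever appear in an emailed link, and the allowlist is a check on the request, not a source for the link.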