19467 matches found
PT-2026-41828
Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description Uncontrolled Recursion allows the processing of oversized serialized data payloads. Recommendations At the moment, there is no information about a newer version that contain...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
10 Top OSINT Tools Every Investigator Should Know in 2026
Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions...
5htp-airtable (>=0.0.1 <=0.1.2-3), @a-cube-io/ereceipts-js-sdk (=1.1.0) +146 more potentially affected by CVE-2025-57282 via ngrok (=5.0.0-beta.2)
ngrok NPM version =5.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on ngrok and may be impacted: - 5htp-airtable =0.0.1, =1.0.0, =5.0.0, =1.0.0, =3.1.6, =1.4.4, =1.0.0, =1.3.2, =1.0.31, =1.0.0, =1.0.26, =1.0.2, =1.1.0 and more Source cves:...
EUVD-2026-30561
Microsoft APM: Symlinks under .apm/prompts/ and .apm/agents/ are dereferenced during apm install, copying host-local file contents into the project tree...
CVE-2026-8803
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
CVE-2026-8803 opensourcepos Open Source Point of Sale Employee Login Employee.php login weak hash
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
CVE-2026-8803 opensourcepos Open Source Point of Sale Employee Login Employee.php login weak hash
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
CVE-2026-8803
Open Source POS (opensourcepos) up to version 3.4.2 has a vulnerability in the Login function (app/Models/Employee.php) where weak password hashing is used. The issue arises from the default password being seeded with an older hash, then migrated after login, with a hash version check that may be...
EUVD-2026-30768
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
Open Source POS (opensourcepos) up to version 3.4.2 contains a path traversal vulnerability in getPicThumb (app/Controllers/Items.php) caused by unsafely handling the pic_filename argument. Exploitation could be remote; a patch identified as def0c27a0e252668df8d942fc31e16d1edfd7323 is available a...
CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
PT-2026-41671
Name of the Vulnerable Software and Affected Versions opensourcepos Open Source Point of Sale versions prior to 3.4.3 Description A flaw in the Employee Login component allows for the use of a weak hash. The issue is located in the Login function within the app/Models/Employee.php file. This...