CVE-2026-8802

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

PT-2026-41671

Name of the Vulnerable Software and Affected Versions opensourcepos Open Source Point of Sale versions prior to 3.4.3 Description A flaw in the Employee Login component allows for the use of a weak hash. The issue is located in the Login function within the app/Models/Employee.php file. This...

FacturaScripts 跨站脚本漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.7 contained a cross-site scripting vulnerability. This vulnerability occurred due to the fsNick cookie parameter value being reflected directly into HTML, which...

dify 安全漏洞

Dify is an open-source LLM application development platform created by LangGenius. Versions of Dify prior to 1.14.1 contained security vulnerabilities. These vulnerabilities were due to an authorization bypass issue, which allowed authenticated users to modify user settings and enable tracking...

FacturaScripts 信息泄露漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to version 2026 contained a vulnerability related to information leakage. This vulnerability stemmed from the Library module not clearing the EXIF/XMP/IPTC metadata...

Open Source Point of Sale 路径遍历漏洞

Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier have a path traversal vulnerability. This vulnerability arises from the operation of the getPicThumb function in the...

Open Source Point of Sale 加密问题漏洞

Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from a function in the Employee Login component called...

Malicious code in @zentrafinance/protocol-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac3a1aa20b56dc05bd68918bf7f6148970c361a102fafcd7d75d807adc36862 The package @zentrafinance/protocol-config was found to contain malicious code. Source: ghsa-malware...

[SECURITY] Fedora 42 Update: firefox-150.0.3-1.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +17 more potentially affected by CVE-2026-40092 via nimiq-keys (>=0.1.0 <=0.2.0)

nimiq-keys CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-40092 Source advisory: OSV:GHSA-27W2-87XV-37C6...

CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

Exploit for CVE-2026-42945

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

[SECURITY] Fedora 43 Update: firefox-150.0.3-1.fc43

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

Security Bulletin: IBM Cognos Analytics is affected by multiple security vulnerabilities

Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Cognos Analytics. Please review the below vulnerabilities and take necessary remediation actions. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos...

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

EUVD-2026-30367

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

EUVD-2026-30353

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

CVE-2026-42159

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...