CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVE-2026-24068 Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVE-2026-24068

The CVE-2026-24068 issue affects Vienna Assistant (MacOS) via the VSL privileged helper that uses NSXPC for IPC. The core problem is that shouldAcceptNewConnection does not validate clients, allowing any process to connect and invoke HelperToolProtocol functions, notably writeReceiptFile and runU...

PT-2026-28337

Name of the Vulnerable Software and Affected Versions Vienna Assistant affected versions not specified Description The Vienna Assistant privileged helper utilizes NSXPC for Inter-Process Communication IPC. The implementation of the shouldAcceptNewConnection function, used by the NSXPC framework t...

CVE-2026-26706

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewreceipt.php...

Pharmacy Point Of Sale System 安全漏洞

The Pharmacy Point Of Sale System is a web-based application developed by Carlo Montero. It is used to help a pharmacy manage its sales transactions. Version 1.0 of the Pharmacy Point Of Sale System has a security vulnerability, which stems from an SQL injection vulnerability in the...

CVE-2025-13410

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and...

CVE-2025-13410

CVE-2025-13410 affects Campcodes Retro Basketball Shoes Online Store 1.0. The vulnerable component is the file /admin/receipt.php , where an attacker can manipulate the tid argument to trigger a SQL injection. This is described as a remote, publicly disclosed vulnerability with exploitation detai...

PT-2025-47529

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A SQL injection issue exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue is related to the manipulation of the tid argument in the...

CVE-2025-9701

CVE-2025-9701 affects SourceCodester Simple Cafe Billing System 1.0. The vulnerability is a SQL injection in the file /receipt.php, caused by manipulation of the ID parameter, enabling remote exploitation. Multiple linked sources (NVD, Red Hat, CVE lists, and security notes) confirm remote attack...

PT-2024-38128 · Unknown · Sourcecodester School Fees Payment System

Name of the Vulnerable Software and Affected Versions: SourceCodester School Fees Payment System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /receipt.php. The manipulation of the ef id argument leads to SQL injection. This issu...