CVE-2026-8803

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

CVE-2025-10759

Webkul QloApps up to 1.7.0 is affected by a CSRF Token Handler vulnerability. Manipulating the token argument can bypass authorization, potentially enabling remote abuse. The exploit is public. Vendor states a fix will be implemented in the next major release; no specific patched version is provi...

Linux Distros Unpatched Vulnerability : CVE-2024-1554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct...

CVE-2024-6387: Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)

OpenSSH contains a remote code execution RCE vulnerability, exploitable by an unauthenticated attacker through a race condition. Successful exploitation can allow for the remote execution of arbitrary code. Note: This flaw has been demonstrated to be exploitable remotely on glibc-based Linux...

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

SUSE CVE-2021-45957

Dnsmasq 2.86 has a heap-based buffer overflow in answerrequest called from FuzzAnswerTheRequest and fuzzrfc1035.c. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

CVE-2022-29620

FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

DEBIAN-CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

DEBIAN-CVE-2012-6124

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes and is advertised as being unsuitable."...

ALPINE-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

CVE-2019-10226

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is a XSS protection...

HealthNode Hospital Management System 1.0 - SQL Injection

Exploit Title: HealthNode Hospital Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://sunriseservices.biz/ Software Link: https://codecanyon.net/item/healthnode-hospital-management-system/22368747 Version: 1.0 Category: Webapps...

Information disclosure

DISPUTED An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking...

CVE-2017-7305

Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contain...

CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really ...

DEBIAN-CVE-2007-6328

DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem...

CVE-2003-1461

Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability CVE-2002-1473...