Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.14 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

5.3CVSS6.1AI score0.00299EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.11 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

5.3CVSS0.00299EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 12:0 a.m.5 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

6.1AI score0.00299EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/20 12:0 a.m.4 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

6AI score0.00299EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21255

Name of the Vulnerable Software and Affected Versions OpenSourcePOS version 3.4.1 Description The software contains a second order SQL Injection issue in how it handles the currency symbol configuration field. The input is stored and later used in a dynamically constructed SQL query without prope...

5.7AI score0.00299EPSS
Exploits1References4
CVE
CVE
added 2026/02/20 12:0 a.m.13 views

CVE-2026-26745

CVE-2026-26745 affects OpenSourcePOS 3.4.1. Affected component: the currency_symbol configuration field. The vulnerability is a second-order SQL Injection where input is stored and later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This c...

5.3CVSS6.1AI score0.00299EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

opensourcepos 安全漏洞

opensourcepos is an open-source POS system developed by opensourcepos. Version 3.4.1 of opensourcepos contains a security vulnerability, which stems from improper handling of the currencysymbol configuration field. This vulnerability may lead to a second-level SQL injection attack...

5.3CVSS5.8AI score0.00299EPSS
Exploits1References2
OSV
OSV
added 2026/02/20 12:0 a.m.5 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

5.3CVSS6.2AI score0.00299EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/20 12:0 a.m.25 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

0.00299EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.126 views

Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update

The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...

6.5CVSS0.2AI score0.00469EPSS
Exploits2References1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.6 views

June 4, 2019, update for Excel 2016 (KB4464578)

June 4, 2019, update for Excel 2016 KB4464578 This article describes update 4464578 for Microsoft Excel 2016 that was released on June 4, 2019.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

6.3AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.8 views

An update is available that changes the currency symbol of Latvia to the euro (€) in Windows

An update is available that changes the currency symbol of Latvia to the euro € in Windows Introduction An update is available that changes the currency symbol of Latvia from the Latvian lats Ls to the euro € in Windows. Note Latvia adopts the euro on January 1, 2014. This update applies to the...

6.6AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.9 views

Update to support the new currency symbol for the Russian ruble in Windows

Update to support the new currency symbol for the Russian ruble in Windows About this update After you apply this update, the new Russian ruble symbol can be input by using the physical keyboard, Windows on-screen keyboard osk.exe, or Tablet PC Input Panel Tabtip.exe in Windows 8.1, Windows RT 8....

5.9AI score
Exploits0
Rows per page
Query Builder