
870 matches found

RedhatCVE
added 3 hours ago | 1 views

CVE-2026-32712

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 5.6 AI score | 0.00029 EPSS
Exploits: 1 | References: 1
Nuclei
added 20 hours ago | 26 views

WordPress Daily Prayer Time <2022.03.01 - SQL Injection

WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability. It does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action, available to unauthenticated users, leading to SQL injection. id:...

9.8 CVSS | 7.9 AI score | 0.70347 EPSS
Exploits: 2 | References: 5
EUVD
added 2026/05/08 3:55 a.m. | 5 views

EUVD-2026-28526

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 2
GithubExploit
added 2026/05/01 12:3 a.m. | 75 views

exploitdb

The Exploit Database Git Repository This is an official repos...

5.7 AI score
Exploits: 0
ATTACKERKB
added 2026/04/28 12:0 a.m. | 2 views

CVE-2025-67223

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

5.3 AI score | 0.00167 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/04/28 12:0 a.m. | 21 views

CVE-2025-67223

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

0.00167 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35739

The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

7.5 CVSS | 5.3 AI score | 0.00167 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/14 7:23 p.m. | 2 views

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5 CVSS | 6.9 AI score | 0.00043 EPSS
Exploits: 0 | References: 1
NVD
added 2026/04/13 5:16 p.m. | 3 views

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5 CVSS | 0.00043 EPSS
Exploits: 0 | References: 5
ATTACKERKB
added 2026/04/13 5:0 p.m. | 2 views

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5 CVSS | 5.7 AI score | 0.00043 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/04/13 12:0 a.m. | 2 views

PHPGurukul Daily Expense Tracking System SQL injection vulnerability

The PHPGurukul Daily Expense Tracking System is a system for tracking daily expenses developed by PHPGurukul. Version 1.1 of the PHPGurukul Daily Expense Tracking System contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “email” in the file...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits: 0 | References: 5
NVD
added 2026/04/07 9:17 p.m. | 0 views

CVE-2026-32712

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 0.00029 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/07 8:37 p.m. | 0 views

CVE-2026-32712

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/04/07 8:37 p.m. | 1 views

EUVD-2026-19939

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 1
CVE
added 2026/04/07 8:37 p.m. | 3 views

CVE-2026-32712

Open Source Point of Sale (OSPOS) has a Stored XSS vulnerability in the Daily Sales page prior to version 3.4.3. The issue arises from the customer_name field being configured with escape: false in the bootstrap-table setup, causing customer names to render as raw HTML. With customer management p...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/04/07 8:37 p.m. | 1 views

CVE-2026-32712 Open Source Point of Sale has Stored XSS in Customer Name (Sales)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/04/07 8:37 p.m. | 12 views

CVE-2026-32712 Open Source Point of Sale has Stored XSS in Customer Name (Sales)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4 CVSS | 0.00029 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/07 12:0 a.m. | 2 views

PT-2026-31017

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customer name column is configured with escape: false in the bootstrap-tab...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/04/07 12:0 a.m. | 4 views

Open Source Point of Sale cross-site scripting vulnerability

Open Source Point of Sale is an open-source sales point system based on the internet. Versions of Open Source Point of Sale prior to 3.4.3 had a cross-site scripting vulnerability. This vulnerability stemmed from improper configuration of the customername column in the Daily Sales management tabl...

5.4 CVSS | 5.7 AI score | 0.00029 EPSS
Exploits: 1 | References: 1
Circl
added 2026/04/06 5:0 p.m. | 1 views

CVE-2026-0049

creationtimestamp | type | source
---|---|---
2026-04-06 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0399/
2026-04-08 14:21:04+00:00 | seen | https://bsky.app/profile/thedailytechfeed.com/post/3miyii2rd5w2x
2026-04-09 01:18:15+00:00 | seen | ...

6.2 CVSS | 5.7 AI score | 0.00007 EPSS
Exploits: 0 | References: 5