CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1004 matches found

POS Codekop v2.0 - Cross Site Scripting

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php. id: CVE-2023-36346 info: name: POS Codekop v2.0 - Cross Site Scripting author: r3Y3r53 severity: medium description: | POS Codekop v2.0 was discovered to contain ...

6.1CVSS6.2AI score0.09444EPSS

Exploits4References5

Nuclei•added 11 hours ago•49 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7.1AI score0.8448EPSS

Exploits1

NVD•added yesterday•2 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS

Exploits0References2

CVE•added yesterday•3 views

CVE-2026-42839

CVE-2026-42839 describes a stored XSS in ERPNext 16.16.0. An authenticated user with Item record edit permissions can persist arbitrary HTML/JavaScript in item_name, description, or image fields, causing unescaped rendering in the POS cart interface for every operator adding that item to a transa...

4.8CVSS5.9AI score

Exploits0References2

Positive Technologies•added yesterday•4 views

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

5.1CVSS5.9AI score

Exploits0References5

RedhatCVE•added last week•8 views

CVE-2026-46198

A flaw was found in the Linux kernel's batman-adv component. An integer overflow in the batadvivogmsendtoif function, specifically with the buffpos variable, can lead to an out-of-bound read. This occurs because the size check uses an int type while buffpos uses an s16 type, causing a mismatch th...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References4

RedhatCVE•added last week•7 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00036EPSS

Exploits0References1

Cvelist•added 2026/05/28 9:40 a.m.•22 views

CVE-2026-46198 batman-adv: fix integer overflow on buff_pos

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buffpos Fixing an integer overflow present in batadvivogmsendtoif. The size check is done using the int type in batadvivogmaggrpacket whereas the buffpos variable uses the s16 type. This could...

8.8CVSS0.0003EPSS

Exploits0References8

RedhatCVE•added 2026/05/26 8:15 p.m.•8 views

CVE-2026-9445

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.0004EPSS

Exploits0References1

RedhatCVE•added 2026/05/26 8:14 p.m.•10 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00039EPSS

Exploits0References1

NVD•added 2026/05/25 11:16 a.m.•7 views

CVE-2026-9447

7.5CVSS0.00039EPSS

Exploits0References5

NVD•added 2026/05/25 10:16 a.m.•7 views

CVE-2026-9446

5.8CVSS0.00036EPSS

Exploits0References5

NVD•added 2026/05/25 10:16 a.m.•3 views

CVE-2026-9444

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS0.00036EPSS

Exploits0References5

NVD•added 2026/05/25 10:16 a.m.•5 views

CVE-2026-9445

6.5CVSS0.0004EPSS

Exploits0References5

ATTACKERKB•added 2026/05/25 9:45 a.m.•9 views

CVE-2026-9447

7.5CVSS6.9AI score0.00039EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/25 9:45 a.m.•10 views

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

7.5CVSS6.9AI score0.00039EPSS

Exploits0References5