Lucene search
K

1018 matches found

Nuclei
Nuclei
added 7 hours ago73 views

POS Codekop v2.0 - Cross Site Scripting

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php. id: CVE-2023-36346 info: name: POS Codekop v2.0 - Cross Site Scripting author: r3Y3r53 severity: medium description: | POS Codekop v2.0 was discovered to contain ...

6.1CVSS6.4AI score0.05295EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday84 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7AI score0.34293EPSS
Exploits1
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57688

Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...

8.2CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.7 views

EUVD-2026-41297

Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...

8.2CVSS5.8AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57688

The CVE concerns the WordPress POS Entegratör plugin (versions

8.2CVSS5.8AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.37 views

CVE-2026-57688 WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...

8.2CVSS0.00242EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 2:19 p.m.8 views

WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin POS Entegratör versions = 3.7.103...

8.2CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/16 9:0 a.m.15 views

CVE-2026-52711

CVE-2026-52711 affects the WordPress WooCommerce POS plugin, version

7.5CVSS5.1AI score0.00232EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 2:15 p.m.14 views

Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/10 2:15 p.m.9 views

Malicious Package

Overview @easytipsportal/pos-adapters is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/10 2:15 p.m.13 views

MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.19 views

CVE-2026-6072

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

6.5CVSS5.4AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.6AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42840

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.6AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 7:16 p.m.14 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 5:44 p.m.3 views

CVE-2026-42839 ERPNext 16.16.0 - Stored XSS in POS cart item rendering

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS6.1AI score0.00261EPSS
Exploits0References4
CVE
CVE
added 2026/06/03 5:44 p.m.29 views

CVE-2026-42839

CVE-2026-42839 describes a stored XSS in ERPNext 16.16.0. An authenticated user with Item record edit permissions can persist arbitrary HTML/JavaScript in item_name, description, or image fields, causing unescaped rendering in the POS cart interface for every operator adding that item to a transa...

4.8CVSS5.9AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 9:9 p.m.14 views

CVE-2026-46198

A flaw was found in the Linux kernel's batman-adv component. An integer overflow in the batadvivogmsendtoif function, specifically with the buffpos variable, can lead to an out-of-bound read. This occurs because the size check uses an int type while buffpos uses an s16 type, causing a mismatch th...

8.8CVSS5.8AI score0.00281EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder