1365 matches found
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...
MAL-2026-951 Malicious code in printrables (PyPI)
Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...
opensourcepos security vulnerability
opensourcepos is an open-source POS system developed by opensourcepos. Version 3.4.1 of opensourcepos contains a security vulnerability, which stems from improper handling of the currency_symbol configuration field. This vulnerability may lead to a second-order SQL injection attack...
CVE-2026-26745
OpenSourcePOS 3.4.1 is affected by a second‑order SQLi in the currency_symbol configuration field. The input is stored without sanitization and later concatenated into a dynamically constructed SQL query, allowing an attacker who can modify currency_symbol to inject arbitrary SQL that is executed...
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...
PT-2026-21255
Name of the Vulnerable Software and Affected Versions: OpenSourcePOS version 3.4.1. Description: The software contains a second order SQL Injection issue in how it handles the currency symbol configuration field. The input is stored and later used in a dynamically constructed SQL query without prope...
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...
USN-8033-7: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
PT-2026-20560
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
USN-8034-2: Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
CVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993
EverShop (TypeScript-based eCommerce platform) is affected by a second-order SQL injection during category update/delete handling. The vulnerability stems from embedding path/request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation that ar...
CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
PT-2026-7418
Name of the Vulnerable Software and Affected Versions: EverShop versions prior to 2.1.1. Description: EverShop is a TypeScript-first eCommerce platform susceptible to a second-order SQL injection. During category update and deletion event handling, the application incorporates values from the url...