110734 matches found
CVE-2026-8803 opensourcepos Open Source Point of Sale Employee Login Employee.php login weak hash
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
EUVD-2026-30768
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...
CVE-2026-8803
Open Source POS (opensourcepos) up to version 3.4.2 has a vulnerability in the Login function (app/Models/Employee.php) where weak password hashing is used. The issue arises from the default password being seeded with an older hash, then migrated after login, with a hash version check that may be...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-6346

creationtimestamp| type| source
---|---|---
2026-05-18 10:53:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4pj4wb2b2i
2026-05-18 18:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm5hfq7huy2t
2026-05-21 02:37:09+00:00| seen|...

CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
Open Source POS (opensourcepos) up to version 3.4.2 contains a path traversal vulnerability in getPicThumb (app/Controllers/Items.php) caused by unsafely handling the pic_filename argument. Exploitation could be remote; a patch identified as def0c27a0e252668df8d942fc31e16d1edfd7323 is available a...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-6341

creationtimestamp| type| source
---|---|---
2026-05-18 09:19:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4kb2qod22k...

CVE-2026-3495

creationtimestamp| type| source
---|---|---
2026-05-18 09:04:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4jg7ejsq2p...

CVE-2026-6478

creationtimestamp| type| source
---|---|---
2026-05-18 09:02:04+00:00| seen| https://bsky.app/profile/PostgreSQL.activitypub.awakari.com.ap.brid.gy/post/3mm4j4wewdng2
2026-06-05 14:33:15+00:00| seen| https://bsky.app/profile/pgexperts.bsky.social/post/3mnke6ysiwm2c
2026-06-23 19:16:28+00:00| seen...

CVE-2026-4273

creationtimestamp| type| source
---|---|---
2026-05-18 08:59:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4j5attsm2h...

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte 825 Downloads @deadcode09284814/axios-util 284 Downloads...
CVE-2026-6381

creationtimestamp| type| source
---|---|---
2026-05-18 08:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4iucfrwj2e
2026-05-30 11:01:39+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mn2vleu4kp2g...

CVE-2026-1631

creationtimestamp| type| source
---|---|---
2026-05-18 08:49:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4imms5k22h
2026-06-16 19:12:51+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3mogixe3cpn2h...

CVE-2026-3220

creationtimestamp| type| source
---|---|---
2026-05-18 08:42:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4i7w3k3b2e
2026-05-30 11:01:45+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mn2vllbpsn2m
2026-06-25 16:11:31+00:00| seen|...

CVE-2026-2325

creationtimestamp| type| source
---|---|---
2026-05-18 08:39:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4i2k3hdm2c...

CVE-2026-6334

creationtimestamp| type| source
---|---|---
2026-05-18 08:36:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4hvnoaei2o...

CVE-2026-28759

creationtimestamp| type| source
---|---|---
2026-05-18 08:34:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4hr67zby2q...