11 matches found
EUVD-2026-16509
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
CVE-2025-68434
CVE-2025-68434 affects OpenSourcePOS 3.4.0–3.4.1, where CSRF protection was explicitly disabled in the global filters, allowing a logged-in administrator’s browser to be coerced into making state-changing POST requests and silently create a new Administrator account. The issue is fixed in 3.4.2 b...
PT-2024-36294 · Unknown +1 · Syntaxhighlighter +1
Name of the Vulnerable Software and Affected Versions: CK and SyntaxHighlighter versions n/a through 3.4.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a w...
LibreSSL Trust Management Issue Vulnerability
LibreSSL is an open source implementation of a secure socket layer and transport layer security protocol. A security vulnerability exists in LibreSSL versions prior to 3.4.2, which stems from an error that sometimes drops unvalidated certificate chains, and an authentication bypass...
SUSE CVE-2018-10001
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file...
go-with-me SQL Injection Vulnerability
go-with-me is a CPE342 database project by porpeeranut individual developers. A SQL injection vulnerability exists in go-with-me. An attacker could exploit this vulnerability to perform a SQL injection attack...
CVE-2021-3427
creationtimestamp | type | source
---|---|---
2022-08-26 20:30:23+00:00 | seen | https://t.me/cibsecurity/48892...
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
...
Adobe Shockwave Player Memory Corruption Vulnerability (CNVD-2019-10621)
Adobe Shockwave Player is a multimedia player product from the American company Adobe. It allows applications produced with Adobe Director, a multimedia production software, to be published to the Internet and viewed in browsers that have the Shockwave plug-in installed. A memory corruption...