Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-26745
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This allows an attacker with access to modify the currency_symbol value to inject arbitrary SQL expressions, which are executed when the affected query is subsequently processed.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE).
CVSS Score
8.8
EPSS Score
0.003
Published
2026-02-20
CVE-2026-26095
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26096
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26097
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26098
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26099
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26100
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26101
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-20
CVE-2026-26093
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-02-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved