CVE ID :CVE-2026-8802 Published : May 18, 2026, 10 a.m. | 1 hour, 7 minutes ago Description :A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attack may be launched remotely. The patch is identified as def0c27a0e252668df8d942fc31e16d1edfd7323. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...