Lucene search

1692 matches found

RedhatCVE
added 2026/02/23 1:30 p.m. · 8 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · AI score 5.4 · EPSS 0.00307
Exploits 1 · References 1

NVD
added 2026/02/21 9:15 a.m. · 16 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · EPSS 0.00307
Exploits 1 · References 3

ATTACKERKB
added 2026/02/21 8:15 a.m. · 3 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · AI score 5.6 · EPSS 0.00307
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2026/02/21 8:15 a.m. · 4 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · AI score 5.5 · EPSS 0.00307
Exploits 1 · References 3

OSV
added 2026/02/21 8:15 a.m. · 3 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · AI score 5.6 · EPSS 0.00307
Exploits 1 · References 5

Cvelist
added 2026/02/21 8:15 a.m. · 23 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · EPSS 0.00307
Exploits 1 · References 3

CVE
added 2026/02/21 8:15 a.m. · 17 views

CVE-2026-27479

CVE-2026-27479 affects Wallos versions ≤ 4.6.0, where an SSRF issue arises in the logo/icon URL fetch. The application validates the target URL's IP, but allows HTTP redirects (CURLOPT_FOLLOWLOCATION = true) and follows up to 3 redirects, bypassing the initial IP check and enabling access to inter...

CVSS 7.7 · AI score 5.6 · EPSS 0.00307
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2026/02/21 12:00 a.m. · 7 views

PT-2026-21371

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 · AI score 5.6 · EPSS 0.00307
Exploits 1 · References 4
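The redirect bypass the CVE-2026-27479 entries above describe, shown as an added example that is not Wallos's own code: a Python sketch of the flawed pattern (validate the submitted URL once, then let the client chase redirects on its own, which is what CURLOPT_FOLLOWLOCATION does) beside a hardened fetcher that re-validates the resolved address of every hop before requesting it. The hostnames, addresses and HTTP responses are constructed stand-ins so the example runs offline; the three-redirect limit mirrors the advisory text.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 3  # the advisory says the fetcher follows up to 3 redirects

# Constructed stand-ins for DNS and HTTP so the example runs offline.
# cdn.example.com plays the attacker-controlled public host; its redirect
# points at a link-local metadata address inside the deployment.
FAKE_DNS = {
    "cdn.example.com": "93.184.216.34",  # assumed to be a routable public address
}
FAKE_HTTP = {
    "http://cdn.example.com/logo.png": (
        302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"ami-id\ninstance-id\n"),
    "http://cdn.example.com/real.png": (200, {}, b"\x89PNG\r\n\x1a\n..."),
}


def resolve(host):
    """Return the address for a hostname; literal IPs are accepted as-is."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        try:
            return ipaddress.ip_address(FAKE_DNS[host])
        except KeyError:
            raise ValueError(f"cannot resolve {host!r}") from None


def assert_public_target(url):
    """Reject any URL whose host does not resolve to a globally routable address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL {url!r}")
    ip = resolve(parts.hostname)
    if (not ip.is_global or ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        raise ValueError(f"{url!r} resolves to non-public address {ip}")


def http_get(url):
    """One request with no redirect following (constructed transport)."""
    try:
        return FAKE_HTTP[url]
    except KeyError:
        raise ValueError(f"no route to {url!r}") from None


def fetch_vulnerable(url):
    """The flawed pattern: check the submitted URL once, then follow
    redirects blindly, exactly as an auto-following client would."""
    assert_public_target(url)
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = http_get(url)
        if status in REDIRECT_CODES:
            url = urljoin(url, headers["Location"])  # destination never re-checked
            continue
        return body
    raise ValueError("too many redirects")


def fetch_hardened(url):
    """Follow redirects by hand and validate every hop before requesting it."""
    for _ in range(MAX_REDIRECTS + 1):
        assert_public_target(url)
        status, headers, body = http_get(url)
        if status in REDIRECT_CODES:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise ValueError("too many redirects")


if __name__ == "__main__":
    print(fetch_vulnerable("http://cdn.example.com/logo.png"))  # metadata leaks
    try:
        fetch_hardened("http://cdn.example.com/logo.png")
    except ValueError as e:
        print("blocked:", e)
```

Simply turning off automatic redirect following is not enough on its own if the fetcher still needs to reach logos behind CDN redirects, which is why the hardened version loops and re-checks. One gap remains even then: the check resolves the hostname and the real HTTP client resolves it again, so a DNS answer that changes between the two lookups (DNS rebinding) can still reach an internal address. Closing that requires connecting to the address that was validated, for example by pinning it with curl's CURLOPT_RESOLVE or by connecting by IP and setting the Host header explicitly.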

RedhatCVE
added 2026/02/20 1:22 a.m. · 6 views

CVE-2026-24745

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

CVSS 7.5 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 1

NVD
added 2026/02/18 11:16 p.m. · 8 views

CVE-2026-24745

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

CVSS 7.5 · EPSS 0.0022
Exploits 1 · References 2

CVE
added 2026/02/18 10:47 p.m. · 14 views

CVE-2026-24745

Summary of CVE-2026-24745: InvoicePlane 1.7.0 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Upload Login Logo feature, which accepts SVG uploads. The root cause is improper handling of uploaded SVG content, enabling stored script execution. Impact described in sources include...

CVSS 7.5 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2026/02/18 10:47 p.m. · 22 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

CVSS 5.7 · EPSS 0.0022
Exploits 1 · References 2

Vulnrichment
added 2026/02/18 10:47 p.m. · 4 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

CVSS 5.7 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 2

OSV
added 2026/02/18 10:47 p.m. · 6 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

CVSS 5.7 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 4

Vulnrichment
added 2026/02/18 8:59 p.m. · 5 views

CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg file...

CVSS 5.7 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 2

Cvelist
added 2026/02/18 8:59 p.m. · 21 views

CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg file...

CVSS 5.7 · EPSS 0.0022
Exploits 1 · References 2

CVE
added 2026/02/18 8:59 p.m. · 13 views

CVE-2026-24743

InvoicePlane 1.7.0 is affected by a stored XSS in the Upload Invoice Logo SVG handling. The vulnerability can enable attacker-controlled script execution via uploaded logos, potentially leading to unauthorized data modification, persistence (backdoors), and compromise of application integrity. Re...

CVSS 7.5 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 2 · Affected Software 1

OSV
added 2026/02/18 8:59 p.m. · 6 views

CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg file...

CVSS 5.7 · AI score 5.7 · EPSS 0.0022
Exploits 1 · References 4

Positive Technologies
added 2026/02/18 12:00 a.m. · 6 views

PT-2026-20545

Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.7.0. Description: InvoicePlane is a self-hosted open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS issue exists in the upload Login Logo function. The application...

CVSS 7.5 · AI score 5.5 · EPSS 0.0022
Exploits 1 · References 9

CNNVD
added 2026/02/18 12:00 a.m. · 8 views

InvoicePlane cross-site scripting vulnerability

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability stems from the login logo...

CVSS 7.5 · AI score 5.6 · EPSS 0.0022
Exploits 1 · References 2
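For the InvoicePlane SVG-upload entries above (CVE-2026-24745 and CVE-2026-24743), an added Python check that is not InvoicePlane's own code: it parses a candidate logo and flags the active content an SVG can carry (script elements, on* event handlers, javascript: or data: hrefs including entity-encoded ones, foreignObject), so an upload handler can reject the file before storing it. The sample SVGs are constructed; the function and attribute names are the example's own.

```python
import xml.etree.ElementTree as ET

# Element local names that execute or host script.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
# Attribute local names that may carry a URL scheme (href and xlink:href both
# reduce to "href" once the namespace is stripped).
URL_ATTRIBUTES = {"href"}
# data: is flagged conservatively; javascript:/vbscript: are script schemes.
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:")

# Constructed sample uploads.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<circle cx="5" cy="5" r="4" fill="#09f"/></svg>')
SCRIPT = (b'<svg xmlns="http://www.w3.org/2000/svg">'
          b'<script>alert(document.domain)</script></svg>')
HANDLER = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
           b'<rect width="1" height="1"/></svg>')
# The scheme is entity-encoded; the XML parser decodes it before we look.
HREF_ENTITY = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink">'
               b'<a xlink:href="&#106;avascript:alert(1)"><text>x</text></a></svg>')


def _local(name):
    """Strip an ElementTree namespace prefix: '{ns}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1].lower()


def _normalised_scheme(value):
    # Browsers ignore leading whitespace and embedded tab/CR/LF when reading a
    # scheme, so normalise the same way before comparing.
    return "".join(ch for ch in value.strip() if ch not in "\t\r\n").lower()


def find_active_content(svg_bytes):
    """Return a list of findings; an empty list means nothing active was seen.
    Production code should parse with defusedxml to resist entity-expansion
    attacks; stdlib ElementTree is used here only to keep the example stand-alone."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as e:
        return [f"malformed XML: {e}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name!r} on <{tag}>")
            elif name in URL_ATTRIBUTES and \
                    _normalised_scheme(value).startswith(DANGEROUS_SCHEMES):
                findings.append(f"{name}={value!r} on <{tag}>")
    return findings


def is_safe_svg(svg_bytes):
    return not find_active_content(svg_bytes)


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("script", SCRIPT),
                          ("handler", HANDLER), ("href", HREF_ENTITY)]:
        print(label, find_active_content(sample))
```

This is a blocklist, and blocklists on SVG are never complete (for instance an `<animate>` that rewrites an href is not caught above), so treat it as a first gate rather than the whole defence: an allowlist sanitizer, or refusing SVG for logos altogether, is stronger. Independently of what is stored, how the file is served matters: script inside an SVG does not run when the browser loads it through an `<img>` tag, but it does when the file is opened directly or embedded via `<object>` or `<iframe>`, so serving uploads from a separate origin, or with `Content-Disposition: attachment` and a restrictive Content-Security-Policy, limits what a stored payload can reach.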