CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

CVE-2026-33399

CVE-2026-33399 / CVE-2026-33401 (Wallos): Open-source personal subscription tracker with SSRF flaws that were partially patched in version 4.7.0. The issues arise from incomplete SSRF mitigation: while 4.6.2 added protection to some notification endpoints, it did not cover all save/test paths, en...

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

WordPress plugin Tablesome 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2018-13439

The CVE-2018-13439 entry affects WXPayUtil in the WeChat Pay Java SDK, where the WXPayUtil class is vulnerable to XML External Entity (XXE) attacks via a merchant notification URL. The connected documents confirm XXE exploitation risk and describe the underlying issue as improper XML processing t...