15 matches found
CVE-2026-33400
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
CVE-2026-33407
Wallos
PT-2026-27470
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...
CVE-2026-4542
CVE-2026-4542 affects SSCMS 4.7.0, specifically the LayerImage Endpoint’s LayerImageController.Submit.cs handling of the filePaths argument. The root cause is manipulation of filePaths leading to path traversal. Attack can be performed remotely; exploit maturity is PROOF-OF-CONCEPT. CVSS metrics ...
CVE-2026-24502
Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...
GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability
Talos Vulnerability Report TALOS-2025-2230 GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability November 24, 2025 CVE Number CVE-2025-44018 SUMMARY A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...
Chatwoot 代码注入漏洞
Chatwoot is a Chatwoot open source application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A code injection vulnerability exists in Chatwoot 4.7.0 and earlier versions, which stems from a misuse of the parameter Link in the file...
CVE-2025-11012
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/scriptparser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument errormsgsbuffer can lead to stack-based buffer overflow. The attack can only be...
CVE-2025-40720
Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /FacturaE/VerFacturaPDF...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...
IBM Cognos Dashboards on Cloud Pak for Data Authorization Issues Vulnerability
IBM Cognos Dashboards on Cloud Pak for Data is a business intelligence tool from International Business Machines IBM. A security vulnerability exists in IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0, which stems from a vulnerability that could allow a remote attacker to bypass securit...
CVE-2023-41871
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Poll Maker Team Poll Maker plugin = 4.7.0 versions...
SUSE CVE-2023-28647
Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain...
Intel Server Board M10JNP2SB Code Issue Vulnerability
Intel Server Board is a server motherboard from Intel Corporation USA. A code issue vulnerability exists in the installer of the RSTe Software RAID Driver for Intel Server Board M10JNP2SB versions prior to 4.7.0.1119. A local attacker could exploit the vulnerability to elevate privileges...