Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/26 4:4 p.m.8 views

EUVD-2026-39798

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 1:48 p.m.3 views

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38444

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder