34 matches found

RedhatCVE
added 2026/03/26 3:08 p.m., 2 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

CVSS 5.4 | AI score 5.7 | EPSS 0.00065
Exploits 1 | References 1
NVD
added 2026/03/24 6:16 p.m., 2 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

CVSS 5.4 | EPSS 0.00065
Exploits 1 | References 2
Vulnrichment
added 2026/03/24 5:43 p.m., 3 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

CVSS 7.7 | AI score 7.2 | EPSS 0.00044
Exploits 3 | References 2
CVE
added 2026/03/24 5:40 p.m., 4 views

CVE-2026-33407

Wallos

CVSS 9.1 | AI score 5.8 | EPSS 0.00089
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2026/03/24 12:00 a.m., 3 views

PT-2026-27471

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts the HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...

CVSS 8.3 | AI score 5.8 | EPSS 0.00089
Exploits 1 | References 3
Positive Technologies
added 2026/03/24 12:00 a.m., 2 views

PT-2026-27470

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

CVSS 8.8 | AI score 5.8 | EPSS 0.00042
Exploits 2 | References 4
CVE
added 2026/03/22 8:35 a.m., 9 views

CVE-2026-4542

CVE-2026-4542 affects SSCMS 4.7.0, specifically the LayerImage endpoint's LayerImageController.Submit.cs handling of the filePaths argument. The root cause is manipulation of filePaths leading to path traversal. The attack can be performed remotely; exploit maturity is PROOF-OF-CONCEPT. CVSS metrics ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00081
Exploits 0 | References 4
Cvelist
added 2026/03/03 8:43 p.m., 16 views

CVE-2026-24502

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVSS 8.8 | EPSS 0.00007
Exploits 0 | References 1
RedhatCVE
added 2025/12/27 12:05 a.m., 4 views

CVE-2024-29720

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...

CVSS 6.2 | AI score 6.3 | EPSS 0.00006
Exploits 1 | References 1
OSV
added 2025/12/26 4:15 p.m., 2 views

CVE-2024-29720

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...

CVSS 5.5 | AI score 6.3
Exploits 0 | References 1
Cvelist
added 2025/12/09 10:07 p.m., 18 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

CVSS 9.3 | EPSS 0.00037
Exploits 2 | References 2
Positive Technologies
added 2025/12/09 12:00 a.m., 3 views

PT-2025-50277

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.7.0 and below. Description: ZITADEL is an open-source identity infrastructure tool susceptible to an unauthenticated, full-read Server-Side Request Forgery (SSRF) issue. The ZITADEL Login UI V2 incorrectly trusts the...

CVSS 9.3 | AI score 6.8 | EPSS 0.00037
Exploits 2 | References 9
RedhatCVE
added 2025/12/02 3:21 p.m., 2 views

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

CVSS 7.1 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 1
Talos
added 2025/11/24 12:00 a.m., 7 views

GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability

Talos Vulnerability Report TALOS-2025-2230: GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability. November 24, 2025. CVE Number: CVE-2025-44018. Summary: A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...

CVSS 8.3 | AI score 9.2 | EPSS 0.00035
Exploits 0
CNNVD
added 2025/10/27 12:00 a.m., 3 views

Chatwoot code injection vulnerability

Chatwoot is an open-source customer engagement suite, an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A code injection vulnerability exists in Chatwoot 4.7.0 and earlier versions, stemming from misuse of the Link parameter in the file...

CVSS 6.1 | AI score 4.9 | EPSS 0.00038
Exploits 1 | References 4
NVD
added 2025/09/26 12:15 p.m., 3 views

CVE-2025-11012

A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/scriptparser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument errormsgsbuffer can lead to stack-based buffer overflow. The attack can only be...

CVSS 7.8 | EPSS 0.0003
Exploits 1 | References 7
Positive Technologies
added 2025/08/14 12:00 a.m., 3 views

PT-2025-33266

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.7.0 Description: A memory corruption issue was identified in the tiffcrop.c component, specifically within the May function. The issue can be triggered locally. The exploit has been publicly disclosed. Recommendations: At th...

CVSS 8.8 | AI score 5.4 | EPSS 0.00147
Exploits 6 | References 57
OSV
added 2025/07/08 12:15 p.m., 3 views

CVE-2025-40721

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.4 | AI score 5.9 | EPSS 0.00129
Exploits 0 | References 1
OSV
added 2025/07/08 12:15 p.m., 3 views

CVE-2025-40720

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1 | AI score 6
Exploits 0 | References 1
CNNVD
added 2025/07/08 12:00 a.m., 1 view

Quiter Gateway SQL injection vulnerability

Quiter Gateway is an API interface from Quiter (Spain). A SQL injection vulnerability exists in Quiter Gateway versions prior to 4.7.0; it stems from SQL injection via the suceso.contenido parameter and could lead to database manipulation...

CVSS 9.8 | AI score 7.7 | EPSS 0.00241
Exploits 0 | References 1