77 matches found
CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
CVE-2020-10212
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...
CVE-2023-25912
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values...
CVE-2024-39687
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote ActivityPub server, it makes an HTTP request to the @id or other resources present within the activity it has...
CVE-2025-46266
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information...
EUVD-2001-1054
Malware in sbrugna...
EUVD-2006-6465
Malware in sbrugna...
EUVD-2001-0999
Malware in sbrugna...
EUVD-2004-2096
Malware in sbrugna...
EUVD-2019-15088
Malware in sbrugna...
EUVD-2021-25462
Malware in sbrugna...
EUVD-2020-2670
Malware in sbrugna...
EUVD-2021-26377
Malware in sbrugna...
EUVD-2009-2421
Malware in sbrugna...
EUVD-2008-5375
Malware in sbrugna...
EUVD-2007-3555
Malware in sbrugna...
EUVD-2006-2467
Malware in sbrugna...
EUVD-2021-9315
Malicious code in bioql PyPI...
CVE-2025-49537 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user...
PT-2025-28749 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier; ColdFusion versions prior to 2025.3. Description: A reflected Cross-Site Scripting (XSS) issue affects the software. If an unauthenticated attacker convinces a victim to visit a URL...