17 matches found
CVE-2026-33399
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
CVE-2026-33399
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
EUVD-2026-14945
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...
PT-2026-27468
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validate webhook url for ssrf protection was added to the test notification endpoints but not to the...
EUVD-2022-3991
Malicious code in bioql PyPI...
Exploit for CVE-2024-32651
CVE-2024-32651 changedetection --port --ip --notification...
changedetection 0.45.20 Remote Code Execution
Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Date: 5-26-2024 Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import impor...
GHSA-GQGV-2GP3-QQP3 WeChat Pay Java SDK allows XXE
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
WeChat Pay Java SDK allows XXE
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
Design/Logic Flaw
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
CVE-2018-13439
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
CVE-2018-13439
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL...
WeChat Pay SDK XXE Injection
Hi List, Title XXE in WeChat Pay Sdk WeChat leave a backdoor on merchant websites ------------------------------------------ Background "Mobile payments surge to $9 trillion a year, changing how people shop, borrow - even panhandle", as WSJ.com once reported. As a payment security researcher, I...
Unspecified Vulnerability in KDE Plasma Workspace
KDE Plasma Workspace is an umbrella term for all graphical environments developed by the KDE community and is part of KDE Software Compilation 4, the latest series of desktop environments. A security vulnerability exists in the dataengines/notifications/notificationsengine.cpp file in KDE Plasma...
UBUNTU-CVE-2018-6790
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element...
Cisco Content Security Management Appliance Security Bypass Vulnerability
The Cisco Content Security Management Appliance is a content security management appliance. The appliance is primarily used to manage all policies, reports, audit information, etc. for email and web security appliances. The Cisco Content Security Management Appliance fails to set authentication...