CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

EUVD-2026-14947

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...

Wallos 跨站脚本漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the $GET parameter was directly output as an HTML input value attribute without being...

Wallos SQL注入漏洞

Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A SQL injection vulnerability exists in Wallos versions prior to 1.15.3, which originates from an easy SQL injection via the category and payment parameters of /subscriptions/get.php...