
6 matches found

EUVD
added 2026/03/24 5:58 p.m. | 1 view

EUVD-2026-14947

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

CVSS 8.8 | AI score 7.2 | EPSS 0.00042
Exploits: 2 | References: 3
Positive Technologies
added 2026/03/07 12:0 a.m. | 2 views

PT-2026-23825

Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 4.6.2. Description: Wallos is a self-hostable personal subscription tracker. A server-side request forgery condition exists in the notification testers functionality. This allows for potentially malicious requests to be...

CVSS 8.8 | AI score 7.3 | EPSS 0.00024
Exploits: 1 | References: 13
Positive Technologies
added 2025/11/06 12:0 a.m. | 3 views

PT-2025-45442

Name of the Vulnerable Software and Affected Versions: Soft Serve versions prior to 0.10.0. Description: Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.10.0 do not remove ANSI escape sequences from user-supplied data, such as names, potentially allowing for the...

CVSS 4.6 | AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 15
CNNVD
added 2025/10/14 12:0 a.m. | 1 view

karakeep security vulnerability

karakeep is an open-source, self-hostable bookmarking application from Karakeep App. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from vulnerability to server-side request forgery attacks...

CVSS 6.5 | AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-2884

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00176
Exploits: 1 | References: 1
NVD
added 2025/01/24 5:15 p.m. | 16 views

CVE-2025-22610

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" f...

CVSS 7.1 | EPSS 0.00176
Exploits: 1 | References: 1