CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/07 3:16 p.m.•7 views

CVE-2026-41688

7.7CVSS0.00227EPSS

NVD•added 2026/05/07 3:16 p.m.•10 views

CVE-2026-41689

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

6CVSS0.00176EPSS

ATTACKERKB•added 2026/05/07 1:53 p.m.•11 views

CVE-2026-41689

6CVSS5.9AI score0.00176EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/07 1:53 p.m.•12 views

CVE-2026-41689

CVE-2026-41689 affects Wallos up to version 4.8.4. The webhook notification feature reuses an administrator-configured local-target allowlist for all logged-in users, allowing any normal user to fully control a webhook URL, headers, and body, then send server-side requests to allowlisted internal...

6CVSS5.9AI score0.00176EPSS

Vulnrichment•added 2026/05/07 1:53 p.m.•5 views

CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services

6CVSS5.9AI score0.00176EPSS

EUVD•added 2026/05/07 1:52 p.m.•9 views

EUVD-2026-28384

7.7CVSS5.8AI score0.00227EPSS

ATTACKERKB•added 2026/05/07 1:52 p.m.•7 views

CVE-2026-41688

7.7CVSS5.8AI score0.00227EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/07 1:52 p.m.•32 views

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

7.7CVSS0.00227EPSS

CVE•added 2026/05/07 1:52 p.m.•9 views

CVE-2026-41688

Wallos (versions ≤ 4.8.4) has an incomplete SSRF fix: the webhook URL is validated with gethostbyname(), but the original hostname is passed to curl without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, creating a DNS rebinding TOCTOU window. At publication, no patches are availabl...

7.7CVSS7.3AI score0.00227EPSS

Vulnrichment•added 2026/05/07 1:52 p.m.•6 views

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

7.7CVSS7.3AI score0.00227EPSS

Vulnrichment•added 2026/05/07 1:48 p.m.•10 views

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.7AI score0.00204EPSS

Exploits0References3

CVE•added 2026/05/07 1:48 p.m.•8 views

CVE-2026-41687

Wallos vulnerability CVE-2026-41687 affects prior to version 4.8.1. The SSRF protection in endpoints/subscription/add.php and endpoints/payments/add.php relies on inline IP validation that omits CGNAT 100.64.0.0/10. The project’s ssrf_helper.php defines is_cgnat_ip(), but the logo/icon URL fetchi...

4.3CVSS5.7AI score0.00204EPSS

Exploits0References3

CNNVD•added 2026/05/07 12:0 a.m.•7 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

4.3CVSS5.9AI score0.00204EPSS

Positive Technologies•added 2026/05/07 12:0 a.m.•10 views

PT-2026-38444

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...

4.3CVSS5.7AI score0.00204EPSS

Exploits0References3

CNNVD•added 2026/05/07 12:0 a.m.•9 views

Wallos 安全漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the reuse of administrator-configured local target whitelists in the Webhook notification function. This...

6CVSS5.8AI score0.00176EPSS

RedhatCVE•added 2026/03/26 3:11 p.m.•1 views

CVE-2026-30841

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $GET"token" and $GET"email" directly into HTML input value attributes using and without calling htmlspecialchars. This allows reflected XSS by breaking out of the attribute...

6.9CVSS5.7AI score0.00283EPSS

RedhatCVE•added 2026/03/26 3:8 p.m.•4 views

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...

7.1CVSS5.7AI score0.00264EPSS

RedhatCVE•added 2026/03/26 3:8 p.m.•2 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

5.4CVSS5.7AI score0.00193EPSS

RedhatCVE•added 2026/03/26 3:1 p.m.•1 views

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

9.1CVSS5.8AI score0.00369EPSS