CVE-2026-30842
Wallos, an open-source self-hosted personal subscription tracker, has a vulnerability prior to version 4.6.2 where an authenticated user can delete avatar files uploaded by other users because the avatar deletion endpoint does not verify ownership. The issue is fixed in version 4.6.2. Affected: W...