9 matches found

NVD
added 2026/03/07 6:16 a.m. · 5 views

CVE-2026-30828

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7 · EPSS 0.00028
Exploits: 1 · References: 3

RedhatCVE
added 2025/04/18 2:5 a.m. · 16 views

CVE-2024-55372

Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

CVSS 9.8 · AI score 7.2 · EPSS 0.00868
Exploits: 1 · References: 1

NVD
added 2025/04/16 9:15 p.m. · 8 views

CVE-2024-55371

Wallos = 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

CVSS 9.8 · EPSS 0.00478
Exploits: 1 · References: 1

Cvelist
added 2025/04/16 12:0 a.m. · 9 views

CVE-2024-55371

Wallos = 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

EPSS 0.00478
Exploits: 1 · References: 1

OSV
added 2025/01/23 10:15 p.m. · 5 views

CVE-2024-57386

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function...

CVSS 6.1 · AI score 7.5 · EPSS 0.00105
Exploits: 1 · References: 1

NVD
added 2025/01/23 10:15 p.m. · 15 views

CVE-2024-57386

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function...

CVSS 6.1 · EPSS 0.00105
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-3436 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos version 2.41.0
Description: The issue allows a remote attacker to execute arbitrary code via the profile picture function. This is a result of a Cross Site Scripting vulnerability.
Recommendations: For Wallos version 2.41.0, consider...

CVSS 6.4 · AI score 8 · EPSS 0.00105
Exploits: 1 · References: 7

NVD
added 2024/04/30 4:15 p.m. · 9 views

CVE-2024-29320

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...

CVSS 8.1 · AI score 7.6 · EPSS 0.00138
Exploits: 1 · References: 3

Cvelist
added 2024/04/30 12:0 a.m. · 14 views

CVE-2024-29320

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...

AI score 8 · EPSS 0.00138
Exploits: 1 · References: 3