Lucene search
K

149 matches found

OSV
OSV
added 2026/03/07 5:27 a.m.7 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

8.7CVSS5.7AI score0.00533EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/07 5:27 a.m.42 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

8.7CVSS0.00533EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:27 a.m.5 views

CVE-2026-30828

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

8.7CVSS5.7AI score0.00533EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/07 5:27 a.m.4 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

8.7CVSS5.7AI score0.00533EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/07 5:27 a.m.5 views

EUVD-2026-10116

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

8.7CVSS5.7AI score0.00533EPSS
Exploits1References3
CVE
CVE
added 2026/03/07 5:27 a.m.18 views

CVE-2026-30828

CVE-2026-30828 affects Wallos prior to version 4.6.2, where the url parameter can be used to retrieve local system files. The issue has been patched in 4.6.2. Reported CVSS 4.0/8.7 (HIGH) with network attack vector, low complexity and no user interaction required; impact is limited to confidentia...

8.7CVSS5.7AI score0.00533EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.9 views

Wallos 跨站脚本漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the $GET parameter was directly output as an HTML input value attribute without being...

6.9CVSS5.6AI score0.00283EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained code vulnerabilities. These vulnerabilities stemmed from the fact that testwebhooknotifications.php did not validate the target URL against private IP ranges, which coul...

5.3CVSS7.4AI score0.00331EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

Wallos 安全漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification at the delete endpoint to ensure that the image being deleted belongs to the curren...

4.3CVSS5.8AI score0.00297EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.11 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code-related vulnerabilities, which stemmed from server-side request forgeing in the notification tester...

8.8CVSS7.3AI score0.00497EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.4 views

PT-2026-23825

Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. A server-side request forgery condition exists in the notification testers functionality. This allows for potentially malicious requests to be...

8.8CVSS7.3AI score0.00497EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.18 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...

8.7CVSS5.8AI score0.00533EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.10 views

PT-2026-23823

Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain an issue where the url parameter can be exploited to retrieve local system files. Recommendations Update to...

8.7CVSS5.8AI score0.00533EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.9 views

PT-2026-23826

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $ GET"token" and $ GET"email" directly into HTML input value attributes using and without calling htmlspecialchars. This allows reflected XSS by breaking out of the attribute...

6.9CVSS5.7AI score0.00283EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.4 views

PT-2026-23824

Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain a Server-Side Request Forgery SSRF condition in the testwebhooknotifications.php file. The application does not...

5.3CVSS5.8AI score0.00331EPSS
Exploits1References10
NVD
NVD
added 2026/02/21 9:15 a.m.17 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS0.00307EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/21 8:15 a.m.24 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS0.00307EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/21 8:15 a.m.3 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 8:15 a.m.4 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.5AI score0.00307EPSS
Exploits1References3
OSV
OSV
added 2026/02/21 8:15 a.m.4 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References5
Rows per page
Query Builder