149 matches found
CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
CVE-2026-30828
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
EUVD-2026-10116
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
CVE-2026-30828
CVE-2026-30828 affects Wallos prior to version 4.6.2, where the url parameter can be used to retrieve local system files. The issue has been patched in 4.6.2. Reported CVSS 4.0/8.7 (HIGH) with network attack vector, low complexity and no user interaction required; impact is limited to confidentia...
Wallos 跨站脚本漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the $GET parameter was directly output as an HTML input value attribute without being...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained code vulnerabilities. These vulnerabilities stemmed from the fact that testwebhooknotifications.php did not validate the target URL against private IP ranges, which coul...
Wallos 安全漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification at the delete endpoint to ensure that the image being deleted belongs to the curren...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code-related vulnerabilities, which stemmed from server-side request forgeing in the notification tester...
PT-2026-23825
Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. A server-side request forgery condition exists in the notification testers functionality. This allows for potentially malicious requests to be...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...
PT-2026-23823
Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain an issue where the url parameter can be exploited to retrieve local system files. Recommendations Update to...
PT-2026-23826
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $ GET"token" and $ GET"email" directly into HTML input value attributes using and without calling htmlspecialchars. This allows reflected XSS by breaking out of the attribute...
PT-2026-23824
Name of the Vulnerable Software and Affected Versions Wallos versions prior to 4.6.2 Description Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain a Server-Side Request Forgery SSRF condition in the testwebhooknotifications.php file. The application does not...
CVE-2026-27479
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...
CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...
CVE-2026-27479
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...
CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...
CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...