CVE-2026-27479
- EPSS 0.03%
- Published 21.02.2026 08:15:19
- Last modified 24.02.2026 14:47:06
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the I...
CVE-2024-55371
- EPSS 1.46%
- Published 16.04.2025 00:00:00
- Last modified 03.06.2025 15:00:13
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an auth...
CVE-2024-55372
- EPSS 4.86%
- Published 16.04.2025 00:00:00
- Last modified 03.06.2025 14:59:54
Wallos <= 2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore the database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an ...
CVE-2024-57386
- EPSS 0.13%
- Published 23.01.2025 22:15:15
- Last modified 31.01.2025 16:13:06
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
CVE-2024-29320
- EPSS 0.14%
- Published 30.04.2024 16:15:07
- Last modified 03.06.2025 15:00:55
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.
CVE-2024-22776
- EPSS 0.1%
- Published 23.02.2024 15:15:09
- Last modified 03.06.2025 15:02:52
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.