ellite

Top products

The 14 most recently published vulnerabilities affecting ellite.

• CVE-2026-41689Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services6.0May 7, 2026
• CVE-2026-41688Incomplete fix for CVE-2026-33399: SSRF in Wallos7.7May 7, 2026
• CVE-2026-41687Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks4.3May 7, 2026
• CVE-2026-33417Wallos: Password Reset Tokens Never Expire6.5Mar 24, 2026
• CVE-2026-33401Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php6.5Mar 24, 2026
• CVE-2026-33400Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint5.4Mar 24, 2026
• CVE-2026-33399Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/308407.7Mar 24, 2026
• CVE-2026-33407Wallos: SSRF via HTTP Proxy Environment Variable9.1Mar 24, 2026
• CVE-2026-30842Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars4.3Mar 7, 2026
• CVE-2026-30841Wallos: Reflected XSS via unescaped token and email parameters in passwordreset.php6.1Mar 7, 2026
• CVE-2026-30840Wallos: Server-Side Request Forgery (SSRF) in Notification Testers8.8Mar 7, 2026
• CVE-2026-30839Wallos: SSRF via webhook test endpoint4.3Mar 7, 2026
• CVE-2026-30828Wallos: SSRF via url parameter leading to File Traversal7.5Mar 7, 2026
• CVE-2026-27479Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch7.7Feb 21, 2026