wallosapp

Top products

The 15 most recently published vulnerabilities affecting wallosapp.

• CVE-2026-33417Wallos: Password Reset Tokens Never Expire6.5Mar 24, 2026
• CVE-2026-33401Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php6.5Mar 24, 2026
• CVE-2026-33400Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint5.4Mar 24, 2026
• CVE-2026-33399Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/308407.7Mar 24, 2026
• CVE-2026-33407Wallos: SSRF via HTTP Proxy Environment Variable9.1Mar 24, 2026
• CVE-2026-30842Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars4.3Mar 7, 2026
• CVE-2026-30841Wallos: Reflected XSS via unescaped token and email parameters in passwordreset.php6.1Mar 7, 2026
• CVE-2026-30840Wallos: Server-Side Request Forgery (SSRF) in Notification Testers8.8Mar 7, 2026
• CVE-2026-30839Wallos: SSRF via webhook test endpoint4.3Mar 7, 2026
• CVE-2026-30828Wallos: SSRF via url parameter leading to File Traversal7.5Mar 7, 2026
• CVE-2026-27479Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch7.7Feb 21, 2026
• CVE-2024-55372Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are ex...9.8Apr 16, 2025
• CVE-2024-55371Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extrac...9.8Apr 16, 2025
• CVE-2024-57386Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.6.1Jan 23, 2025
• CVE-2024-29320Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.8.1Apr 30, 2024