Vulnerabilities in ellite
14 results

CVE-2026-30828 | HIGH | Wallos: SSRF via url parameter leading to File Traversal | EPSS 0.5%
CVE-2026-30840 | HIGH | Wallos: Server-Side Request Forgery (SSRF) in Notification Testers | EPSS 0.5%
CVE-2026-33407 | HIGH | Wallos: SSRF via HTTP Proxy Environment Variable | EPSS 0.4%
CVE-2026-30839 | MEDIUM | Wallos: SSRF via webhook test endpoint | EPSS 0.3%
CVE-2026-27479 | HIGH | Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch | EPSS 0.3%
CVE-2026-30842 | MEDIUM | Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars | EPSS 0.3%
CVE-2026-33401 | HIGH | Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php | EPSS 0.3%
CVE-2026-30841 | MEDIUM | Wallos: Reflected XSS via unescaped token and email parameters in passwordreset.php | EPSS 0.3%
CVE-2026-33399 | HIGH | Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840 | EPSS 0.3%
CVE-2026-33417 | MEDIUM | Wallos: Password Reset Tokens Never Expire | EPSS 0.3%
CVE-2026-41688 | HIGH | Incomplete fix for CVE-2026-33399: SSRF in Wallos | EPSS 0.2%
CVE-2026-41687 | MEDIUM | Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks | EPSS 0.2%
CVE-2026-33400 | MEDIUM | Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint | EPSS 0.2%
CVE-2026-41689 | MEDIUM | Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services | EPSS 0.2%