Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ellite — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting ellite. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ellette provides cloud-based collaboration and project management tools for businesses, enabling team communication and workflow optimization. Historically, the platform has been susceptible to multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 14 CVEs documented. Common weaknesses include improper input validation and insecure direct object references. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the platform. Security researchers have noted that some issues remained unpatched for extended periods, highlighting challenges in the vendor's vulnerability management process.

Top products by ellite: Wallos
CVE IDTitleCVSSSeverityPublished
CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services — WallosCWE-863 6.0 Medium2026-05-07
CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos — WallosCWE-918 7.7 High2026-05-07
CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks — WallosCWE-918 4.3 Medium2026-05-07
CVE-2026-33417 Wallos: Password Reset Tokens Never Expire — WallosCWE-613 6.5 Medium2026-03-24
CVE-2026-33401 Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php — WallosCWE-918 8.1 -2026-03-24
CVE-2026-33400 Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint — WallosCWE-79 5.4 Medium2026-03-24
CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840 — WallosCWE-918 7.7 High2026-03-24
CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable — WallosCWE-918 8.2 -2026-03-24
CVE-2026-30842 Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars — WallosCWE-862 4.3 Medium2026-03-07
CVE-2026-30841 Wallos: Reflected XSS via unescaped token and email parameters in passwordreset.php — WallosCWE-79 6.1 -2026-03-07
CVE-2026-30840 Wallos: Server-Side Request Forgery (SSRF) in Notification Testers — WallosCWE-918 9.8 -2026-03-07
CVE-2026-30839 Wallos: SSRF via webhook test endpoint — WallosCWE-918 6.5 -2026-03-07
CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal — WallosCWE-29 7.5 -2026-03-07
CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch — WallosCWE-918 7.7 High2026-02-21

This page lists every published CVE security advisory associated with ellite. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.