Lucene search
K

212 matches found

NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:26 p.m.5 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:26 p.m.7 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:26 p.m.14 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:25 p.m.34 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

0.00159EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:25 p.m.7 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:25 p.m.6 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:25 p.m.5 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

5.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:25 p.m.5 views

EUVD-2026-39443

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-11989

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS0.00312EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/20 7:41 a.m.15 views

EUVD-2026-31073

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 7:41 a.m.8 views

CVE-2026-9059 NextGEN Gallery - SQL Injection

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 7:41 a.m.19 views

CVE-2026-9059

NextGEN Gallery (WordPress) versions prior to 4.2.1 are vulnerable to an authenticated SQL injection. The issue is in the data mapper layer where _clean_column() uses a blacklist instead of a whitelist, allowing an authenticated attacker with the Administrator role (NextGEN Gallery overview capab...

9.3CVSS6AI score0.00287EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Media Galleries component of Google Chrome prior to version 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.4AI score0.00383EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.25 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42122

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ' clean column' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/12 7:33 a.m.5 views

CVE-2025-15524

The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 1:23 a.m.6 views

CVE-2025-15524

The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxgetgalleryinfo function in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 1:23 a.m.8 views

CVE-2025-15524

CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder