
29 matches found

NVD
added last week, 7 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

CVSS 5.3 | EPSS 0.00197
Exploits: 0 | References: 1

NVD
added last week, 5 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

CVSS 6.5 | EPSS 0.00159
Exploits: 0 | References: 1

CVE
added last week, 6 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

CVSS 5.3 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added last week, 4 views

EUVD-2026-39443

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

CVSS 6.5 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 1

Vulnrichment
added last week, 4 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 1

ATTACKERKB
added last week, 5 views

CVE-2026-48941

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

CVSS 6.5 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 2 | Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Media Galleries component of Google Chrome prior to version 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 3:31 a.m., 4 views

SUSE CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 9 | EPSS 0.00383
Exploits: 0 | References: 5

Veracode
added 2022/11/17 12:54 a.m., 23 views

Buffer Overflow

chromium is vulnerable to heap-based buffer overflow. The vulnerability exists in Media Galleries in Google Chrome which allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00383
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2022/11/03 12:0 a.m., 6 views

The vulnerability in the interface for accessing the chrome.mediaGalleries media gallery in Google Chrome and Microsoft Edge browsers allows an attacker to cause a service failure.

The vulnerability of the interface for accessing the chrome.mediaGalleries media gallery in Google Chrome and Microsoft Edge browsers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially creat...

CVSS 7.5 | AI score 7.9 | EPSS 0.00383
Exploits: 0 | References: 10 | Affected Software: 4

OSV
added 2022/11/01 11:15 p.m., 17 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8.8
Exploits: 0 | References: 2

NVD
added 2022/11/01 11:15 p.m., 17 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | EPSS 0.00383
Exploits: 0 | References: 2

OSV
added 2022/11/01 11:15 p.m., 1 views

DEBIAN-CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8.4 | EPSS 0.00383
Exploits: 0 | References: 1

ATTACKERKB
added 2022/11/01 11:15 p.m., 3 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6 | EPSS 0.00383
Exploits: 0 | References: 3

Prion
added 2022/11/01 11:15 p.m., 20 views

Heap overflow

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.8 | AI score 8.7 | EPSS 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/11/01 11:15 p.m., 1 views

UBUNTU-CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.5 | EPSS 0.00383
Exploits: 0 | References: 2

UbuntuCve
added 2022/11/01 11:15 p.m., 35 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 1

Vulnrichment
added 2022/11/01 12:0 a.m., 11 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

AI score 7.3 | EPSS 0.00383
Exploits: 0 | References: 2

CVE
added 2022/11/01 12:0 a.m., 118 views

CVE-2022-3655

CVE-2022-3655 describes a heap buffer overflow in Chrome/Chromium’s Media Galleries. Multiple sources (Chrome release notes and security trackers) confirm this affects Chrome before version 107.0.5304.62, with the risk that a user who installs a crafted malicious extension could trigger heap corr...

CVSS 8.8 | AI score 8.7 | EPSS 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/11/01 12:0 a.m., 15 views

CVE-2022-3655

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

AI score 9 | EPSS 0.00383
Exploits: 0 | References: 2