Lucene search
K

564 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33523

MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController...

7.2CVSS7.5AI score0.01775EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.11 views

CVE-2021-33208

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file...

7.2CVSS6.9AI score0.01106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...

7.2CVSS6.9AI score0.01234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.7 views

CVE-2016-10889

The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name...

9.8CVSS8.1AI score0.01815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2022-38468

Cross-Site Request Forgery CSRF vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin = 3.28 leading to thumbnail alteration...

4.3CVSS6.9AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.4 views

CVE-2024-39627

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3...

5.9CVSS6AI score0.00315EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/08 1:58 p.m.3 views

WordPress NextGEN Download Gallery plugin <= 1.6.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin NextGEN Download Gallery versions = 1.6.2...

7AI score0.00018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/08 10:15 a.m.3 views

CVE-2026-0675

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00018EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.26 views

CVE-2026-0675

...

0.00018EPSS
Exploits0
CVE
CVE
added 2026/01/08 9:17 a.m.12 views

CVE-2026-0675

CVE-2026-0675 is rejected by its CVE Numbering Authority and not an active vulnerability entry.

6.5AI score0.00018EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1969

Name of the Vulnerable Software and Affected Versions NextGEN Download Gallery versions through 1.6.2 Description The NextGEN Download Gallery software contains a flaw that could allow unauthorized retrieval of embedded sensitive data due to an exposure of sensitive system information to an...

6.3AI score0.00018EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.6 views

CVE-2024-2744

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.3CVSS6AI score0.0039EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress NextGEN Gallery plugin <= 3.59.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions = 3.59.11...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 9:34 a.m.4 views

CVE-2025-13641

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS7.6AI score0.00707EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 12:30 p.m.4 views

EUVD-2025-204253

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS7.1AI score0.00707EPSS
Exploits0References5
NVD
NVD
added 2025/12/18 10:16 a.m.4 views

CVE-2025-13641

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS0.00707EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/18 9:21 a.m.2 views

CVE-2025-13641 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template'

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS7.2AI score0.00707EPSS
Exploits0References4
CVE
CVE
added 2025/12/18 9:21 a.m.17 views

CVE-2025-13641

CVE-2025-13641 refers to a Local File Inclusion in the WordPress plugin “Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery” via the template shortcode parameter. Affected versions are all up to 3.59.12. The issue arises from insufficient path validation, allowing authenticated attacke...

8.8CVSS7.2AI score0.00707EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/18 9:21 a.m.22 views

CVE-2025-13641 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template'

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS0.00707EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6AI score0.00707EPSS
Exploits0References4
Rows per page
Query Builder