19 matches found
EUVD-2025-8802
Malicious code in bioql PyPI...
CVE-2025-56694
Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...
CVE-2025-56694
Client-side password validation CWE-602 in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums...
CVE-2025-31586
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery – Photo Albums Plugin easy-media-gallery allows Stored XSS.This issue affects Gallery – Photo Albums Plugin: from n/a through = 1.3.170...
CVE-2025-31586
CVE-2025-31586 is a Stored Cross-Site Scripting vulnerability in the Gallery – Photo Albums Plugin for WordPress, affecting versions from unknown up to 1.3.170. The issue is caused by improper neutralization of input during web page generation, enabling stored XSS. The CVE entry notes a Medium se...
CVE-2025-31586 WordPress Gallery – Photo Albums Plugin plugin <= 1.3.170 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery – Photo Albums Plugin allows Stored XSS. This issue affects Gallery – Photo Albums Plugin: from n/a through 1.3.170...
BuddyBoss Security Breach
BuddyBoss Platform is a state-of-the-art plugin from BuddyBoss for running online communities on WordPress. A security vulnerability exists in version 2.2.9 of BuddyBoss that stems from allowing authenticated users to access and rename other users' photo albums...
Apple macOS Ventura Security Vulnerability
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13, which stems from a shortcut to view hidden photo albums perhaps without authentication...
ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
Admidio 安全漏洞
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in Admidio versions prior to 4.2.9 that stems from incorrect access control...
Microsoft OneDrive 安全漏洞
Microsoft OneDrive is a cloud backup application from Microsoft USA. The program has features such as automatic backup of photo albums, online office and file sharing. A security vulnerability exists in Microsoft OneDrive. No information about this vulnerability is available at this time, so stay...
ImpressCMS path traversal vulnerability
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...
Microsoft OneDrive for Android security feature bypass vulnerability
Microsoft OneDrive is a cloud backup application from the US-based Microsoft Corporation Microsoft. The program has features such as automatic backup of photo albums, online office and file sharing.Microsoft OneDrive for Android has a security feature bypass vulnerability, no details of the...
Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF
The Gallery – Photo Albums Plugin WordPress plugin was affected by an includes/emg-settings.php spgaddadmin Function Admin User Creation CSRF security vulnerability...
Rayzz Photoz - Arbitrary File Upload
Rayzz Photoz - Arbitrary File Upload ========================================================== Rayzz Photoz Upload Vulnerability ========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...
Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting
www.BugReport.ir AmnPardaz Security Research Team Title: MegaBBS Forum Multiple Vulnerabilities. Vendor: http://www.pd9soft.com/ Vulnerable Version: 2.2 Exploit: Available Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index.php?/37 1. Description: A complete, fully featured ASP...
MegaBBS Forum 2.2 (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: MegaBBS Forum Multiple Vulnerabilities. Vendor: http://www.pd9soft.com/ Vulnerable Version: 2.2 Exploit: Available Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index.php?/37 1. Descriptio...
MegaBBS Forum 2.2 (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =========================================================== MegaBBS Forum 2.2 SQL/XSS Multiple Remote Vulnerabilities =========================================================== AmnPardaz Security Research Team Title: MegaBBS Forum Multipl...
[ GLSA 200406-10 ] Gallery: Privilege escalation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200406-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...