6565 matches found
CVE-2026-13606
A flaw was found in GraphicsMagick's Photo CD PCD decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior...
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligence has identified an active multi-stage intrusion campaign targeting organizations in the hospitality and hotel industry since April 2026. We’ve observed this...
CVE-2026-54829
CVE-2026-54829 concerns the WordPress plugin WP Photo Album Plus (versions up to 9.1.13.005). The vulnerability is an SQL injection due to improper neutralization of input in SQL commands, described as a blind SQL injection. The CVSS 3.1 base metrics indicate NETWORK attack vector, HIGH impact on...
CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
EUVD-2026-39392
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...
CVE-2026-0158
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-54190
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
EUVD-2026-37052
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...
CVE-2026-54190
CVE-2026-54190 : Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5 . The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...
EUVD-2026-36950
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39511
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39511
CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus
WordPress WP Photo Album Plus plugin < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability
Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability discovered by Daniel Púa - devploit in WordPress Plugin WP Photo Album Plus versions 9.1.11.001...
Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
MAL-2026-5634 Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
Malicious Package
Overview react-photo-views is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2017-20247
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...