1361 matches found
Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
Joomla! Roland Breedveld Album 1.14 comalbum is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. dot dot in the target parameter to index.php. id: CVE-2009-3318 info: name: Joomla! Roland Breedveld...
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection
ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...
CVE-2026-59258
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
EUVD-2026-44755
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
CVE-2026-59258
CVE-2026-59258 affects Immich before 3.0.3. A broken access control on PUT /albums/:id/user/:userId lets shared album editors modify member roles, enabling an editor to demote the owner to editor and promote themselves to owner via sequential requests, yielding full control including deletion and...
CVE-2026-15700 DedeCMS Album Publishing Feature zip.class.php ExtractFile path traversal
A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal. The attack can be executed remotely...
CVE-2026-15700
CVE-2026-15700 affects DedeCMS 5.7.118 in the Album Publishing Feature; specifically the ExtractFile function in include/zip.class.php. The vulnerability arises from manipulating the filename argument, enabling path traversal and remote execution. Public exploit information exists. Documented imp...
CVE-2026-57675
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
CVE-2026-57675
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
CVE-2026-57675 WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
CVE-2026-57675
CVE-2026-57675 describes unauthenticated Cross Site Scripting (XSS) in the WordPress plugin WP Photo Album Plus,
CVE-2026-10095
The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-10095
CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...
WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...
EUVD-2026-39392
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
CVE-2026-54829
CVE-2026-54829 concerns the WordPress plugin WP Photo Album Plus (versions up to 9.1.13.005). The vulnerability is an SQL injection due to improper neutralization of input in SQL commands, described as a blind SQL injection. The CVSS 3.1 base metrics indicate NETWORK attack vector, HIGH impact on...
WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...
EUVD-2026-36950
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...