Lucene search
+L

1361 matches found

Nuclei
Nuclei
added yesterday45 views

Joomla! Roland Breedveld Album 1.14 - Local File Inclusion

Joomla! Roland Breedveld Album 1.14 comalbum is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. dot dot in the target parameter to index.php. id: CVE-2009-3318 info: name: Joomla! Roland Breedveld...

7.5CVSS5.7AI score0.06455EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday18 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

9.8CVSS9AI score0.11176EPSS
Exploits7References2
NVD
NVD
added 3 days ago5 views

CVE-2026-59258

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS0.00315EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS0.00315EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-44755

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS6.1AI score0.00315EPSS
Exploits0References5
CVE
CVE
added 3 days ago7 views

CVE-2026-59258

CVE-2026-59258 affects Immich before 3.0.3. A broken access control on PUT /albums/:id/user/:userId lets shared album editors modify member roles, enabling an editor to demote the owner to editor and promote themselves to owner via sequential requests, yielding full control including deletion and...

8.3CVSS6.1AI score0.00315EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-15700 DedeCMS Album Publishing Feature zip.class.php ExtractFile path traversal

A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal. The attack can be executed remotely...

5.8CVSS0.00363EPSS
Exploits0References5
CVE
CVE
added 4 days ago5 views

CVE-2026-15700

CVE-2026-15700 affects DedeCMS 5.7.118 in the Album Publishing Feature; specifically the ExtractFile function in include/zip.class.php. The vulnerability arises from manipulating the filename argument, enabling path traversal and remote execution. Public exploit information exists. Documented imp...

5.8CVSS5.9AI score0.00363EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.38 views

CVE-2026-57675 WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.16 views

CVE-2026-57675

CVE-2026-57675 describes unauthenticated Cross Site Scripting (XSS) in the WordPress plugin WP Photo Album Plus,

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:32 a.m.8 views

CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
CVE
CVE
added 2026/07/01 9:32 a.m.14 views

CVE-2026-10095

CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/06/30 9:28 p.m.7 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

6.4CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 1:25 p.m.6 views

EUVD-2026-39392

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:25 p.m.35 views

CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:25 p.m.27 views

CVE-2026-54829

CVE-2026-54829 concerns the WordPress plugin WP Photo Album Plus (versions up to 9.1.13.005). The vulnerability is an SQL injection due to improper neutralization of input in SQL commands, described as a blind SQL injection. The CVSS 3.1 base metrics indicate NETWORK attack vector, HIGH impact on...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 2:6 p.m.9 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

7.5CVSS6AI score0.00195EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36950

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS5.7AI score0.00295EPSS
Exploits0References2
Rows per page
Query Builder