Lucene search
K

1351 matches found

Nuclei
Nuclei
added yesterday45 views

Joomla! Roland Breedveld Album 1.14 - Local File Inclusion

Joomla! Roland Breedveld Album 1.14 comalbum is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. dot dot in the target parameter to index.php. id: CVE-2009-3318 info: name: Joomla! Roland Breedveld...

7.5CVSS6.1AI score0.06455EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday17 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

9.8CVSS7.4AI score0.11176EPSS
Exploits7References2
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.6 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57675 WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57675

CVE-2026-57675 describes unauthenticated Cross Site Scripting (XSS) in the WordPress plugin WP Photo Album Plus,

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 9:32 a.m.12 views

CVE-2026-10095

CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/06/30 9:28 p.m.6 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

6.4CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:25 p.m.32 views

CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:25 p.m.3 views

EUVD-2026-39392

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:25 p.m.22 views

CVE-2026-54829

CVE-2026-54829 concerns the WordPress plugin WP Photo Album Plus (versions up to 9.1.13.005). The vulnerability is an SQL injection due to improper neutralization of input in SQL commands, described as a blind SQL injection. The CVSS 3.1 base metrics indicate NETWORK attack vector, HIGH impact on...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 2:6 p.m.6 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

7.5CVSS6AI score0.00195EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36950

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS5.7AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39511

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.29 views

CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.22 views

CVE-2026-39511

CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus

9.3CVSS5.7AI score0.00295EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/11 12:6 p.m.10 views

WordPress WP Photo Album Plus plugin < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability

Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability discovered by Daniel Púa - devploit in WordPress Plugin WP Photo Album Plus versions 9.1.11.001...

8.6CVSS5.7AI score0.00472EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.13 views

CVE-2026-11489

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 a.m.33 views

CVE-2026-11489

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS0.00275EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 4:45 a.m.9 views

CVE-2026-11489 code-projects Online Music Site AdminDeleteAlbum.php sql injection

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References6
Rows per page
Query Builder