Lucene search
K

134 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.6 views

CVE-2026-25869

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

7.5CVSS5.6AI score0.005EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 4:16 p.m.3 views

CVE-2026-25868

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

6.1CVSS5.9AI score0.00288EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 4:16 p.m.11 views

CVE-2026-25868

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

6.1CVSS0.00288EPSS
Exploits0References3
OSV
OSV
added 2026/02/11 4:16 p.m.2 views

CVE-2026-25869

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

7.5CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 3:40 p.m.25 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

6.9CVSS0.005EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 3:40 p.m.17 views

CVE-2026-25869

CVE-2026-25869 – MiniGal Nano ≤ 0.3.5 implements a path traversal in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to block traversal by removing dot-dot sequences, but crafted directory patterns can bypass this protection. An ...

7.5CVSS5.6AI score0.005EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 3:40 p.m.7 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

6.9CVSS5.6AI score0.005EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 3:34 p.m.3 views

CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

5.1CVSS5.6AI score0.00288EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 3:34 p.m.28 views

CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

5.1CVSS0.00288EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 3:34 p.m.14 views

CVE-2026-25868

MiniGal Nano

6.1CVSS5.6AI score0.00288EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 3:34 p.m.4 views

CVE-2026-25868

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

5.1CVSS5.6AI score0.00288EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7616

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

5.1CVSS5.6AI score0.00288EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 11:58 a.m.4 views

CVE-2025-59898 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 2:49 p.m.12 views

CVE-2025-58095

Cisco Talos reports multiple reflected XSS vulnerabilities in MedDream PACS Premium 7.3.6.870, all tied to the config.php functionality and specifically the imagedir parameter among others. The TALOS-2025-2271 disclosure (which maps to CVE-2025-58095) notes that carefully crafted URLs can trigger...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:38 a.m.8 views

CVE-2003-1146

Cross-site scripting XSS vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...

6.8CVSS6AI score0.0348EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/22 12:0 a.m.7 views

CVE-2025-60337

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speeddir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

0.00375EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-1136

Malware in sbrugna...

6.8CVSS6.4AI score0.0348EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-2249

Malware in sbrugna...

7.5CVSS6.4AI score0.01356EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-2436

Malware in sbrugna...

4.3CVSS6.4AI score0.01177EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-1141

Malware in sbrugna...

5CVSS6.4AI score0.03271EPSS
Exploits1References9
Rows per page
Query Builder