116 matches found
CVE-2026-1291
CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...
WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section
Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...
PT-2026-46895
Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...
PT-2026-39505
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...
CVE-2026-4766 Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta
The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...
PT-2026-27894
Name of the Vulnerable Software and Affected Versions Contest Gallery versions prior to 28.1.2.3 Description A flaw exists in Contest Gallery that allows for authentication bypass. This allows for authentication abuse by utilizing an alternate path or channel. Recommendations Update Contest Galle...
WordPress plugin Contest Gallery 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2026-14175
Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...
CVE-2026-32418 WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...
CVE-2023-53939
CVE-2023-53939 concerns TinyWebGallery v2.5 with a stored cross-site scripting (XSS) flaw triggered via the folder name parameter in album folders. Authenticated users can insert script tags into folder names, which then execute arbitrary JavaScript when other users view affected gallery pages. T...
CVE-2025-34434
AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-12966
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolveimportdirectory function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload...
CVE-2025-62950
Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through = 28.0.0...
CVE-2025-62910
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS.This issue affects Video Gallery by Huzzaz: from n/a through = 10.5...
EUVD-2007-6649
Malware in sbrugna...
EUVD-2008-2714
Malware in sbrugna...
EUVD-2006-0594
Malware in sbrugna...
EUVD-2009-2910
Malware in sbrugna...
EUVD-2001-0883
Malware in sbrugna...
EUVD-2008-4113
Malware in sbrugna...