14 matches found
CVE-2026-28679
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...
EUVD-2024-51930
Malicious code in bioql PyPI...
CVE-2024-53276
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website ...
CVE-2024-53275
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
CVE-2024-53275
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
CVE-2024-53276
CVE-2024-53276 — Home-Gallery.org: Affects Home-Gallery.org versions 1.15.0 and earlier. The issue is an open CORS policy in app.js that allows any external site to make cross-origin requests, enabling attackers to read endpoints and potentially view preview images. The vulnerability stems from ...
CVE-2024-53276 GHSL-2024-092: Open CORS policy in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website ...
CVE-2024-53276 GHSL-2024-092: Open CORS policy in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website ...
CVE-2024-53276 GHSL-2024-092: Open CORS policy in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website ...
CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
CVE-2024-53275
Home-Gallery.org (versions 1.15.0 and earlier) is vulnerable to DNS rebinding due to default exposure without TLS or authentication. An attacker can lure a user to a malicious site, then switch DNS to point to the internal Home-Gallery host and read the web server’s responses, potentially exfiltr...
CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
PT-2024-35709 · Unknown · Home-Gallery.Org
Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier
Description: Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. An open CORS policy in app.js may allow an attacker to view the images of home-gallery...