82 matches found
CVE-2026-27634
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...
CVE-2026-27885
CVE-2026-27885 affects Piwigo prior to version 16.3.0. A SQL injection vulnerability exists in the Activity.getList/API endpoint, exploitable by an authenticated administrator, which can lead to leakage of sensitive data (user credentials, email addresses, and all stored content). The root cause i...
CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...
Piwigo Security Vulnerability
Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 16.3.0 contained security vulnerabilities. These vulnerabilities stemm...
PT-2026-30242
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin only option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched...
Piwigo Security Feature Issue Vulnerability
Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes functions such as image management, image classification, and permission management. Versions of Piwigo prior to 15.0.0 had security vulnerabilities. These vulnerabilities stemmed fro...
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2016-10513
Cross-site scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functionssearch.inc.php...
CVE-2016-10514
urlcheckformat in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring...
CVE-2025-62406
Summary: CVE-2025-62406 affects Piwigo. In version 15.6.0, the password-reset URL is constructed using the request Host header without validation, allowing an attacker who knows or guesses a username/email to send a password-reset link with a modified hostname to a target user. This could enable ...
EUVD-2018-19439
Malware in sbrugna...
EUVD-2018-19438
Malware in sbrugna...
EUVD-2020-14915
Malware in sbrugna...
EUVD-2016-1275
Malware in sbrugna...
EUVD-2016-1277
Malware in sbrugna...
EUVD-2016-10552
Malware in sbrugna...
EUVD-2016-1276
Malware in sbrugna...
EUVD-2016-1296
Malware in sbrugna...
EUVD-2017-18750
Malware in sbrugna...
EUVD-2017-8977
Malware in sbrugna...