Skip to main content

Gallery

27 CVEs product

Monthly

CVE-2025-20969 MEDIUM This Month

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20968 HIGH This Week

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-20967 MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2025-20966 MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-37542 MEDIUM This Month

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-35750 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30550 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gallery
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-31120 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-20827 MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-45630 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-30725 MEDIUM This Month

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30724 LOW Monitor

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-0765 HIGH POC This Week

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gallery
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0764 MEDIUM POC This Month

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-1946 MEDIUM POC This Month

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-25379 LOW Monitor

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2017-2171 MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha Car Rental Contact Form +48
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1000114 MEDIUM POC This Month

XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-1000113 CRITICAL POC Act Now

XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Gallery
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2013-2087 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Gallery
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2241 MEDIUM PATCH This Month

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Gallery
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2240 HIGH POC PATCH This Week

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2138 HIGH This Week

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-4343 HIGH This Week

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Gallery
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-4342 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gallery
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2405 CRITICAL Act Now

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD
CVSS 2.0
10.0
EPSS
0.3%
CVE-2012-1113 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gallery
NVD
CVSS 2.0
4.3
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Gallery
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gallery
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gallery
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Gallery
NVD WPScan
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gallery
NVD WPScan
EPSS 0% CVSS 3.3
LOW Monitor

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha +50
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gallery
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Gallery
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Gallery
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Gallery
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Gallery
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Gallery
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gallery
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gallery
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy