Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (29 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2130 1 Gallery Project 1 Gallery 2025-04-03 N/A
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
CVE-2003-0614 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVE-2002-1412 1 Gallery Project 1 Gallery 2025-04-03 N/A
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
CVE-2004-0522 2 Debian, Gallery Project 2 Debian Linux, Gallery 2025-04-03 N/A
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
CVE-2004-2124 1 Gallery Project 1 Gallery 2025-04-03 N/A
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
CVE-2004-1106 2 Gallery Project, Gentoo 2 Gallery, Linux 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
CVE-2005-0220 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2005-0222 1 Gallery Project 1 Gallery 2025-04-03 N/A
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
CVE-2012-4919 1 Gallery Project 1 Gallery 2024-11-21 9.8 Critical
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability