gallery project gallery

74 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-20969
< 14.5.10.3
Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 1
5.5 MEDIUM
CVE-2025-20968
< 14.5.10.3
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.
7.2 HIGH
CVE-2025-20967
< 14.5.10.3
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.
5.1 MEDIUM
CVE-2025-20966
< 14.5.10.3
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.
4.6 MEDIUM
CVE-2023-45631
<= 2.0.3
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured A
4.3 MEDIUM
CVE-2024-37542
<= 2.0.3
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Galler
5.4 MEDIUM
CVE-2024-35750
<= 2.0.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Ga
8.5 HIGH
CVE-2024-30550
<= 2.0.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Ga
7.1 HIGH
CVE-2024-31120
<= 2.0.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Ga
6.5 MEDIUM
CVE-2024-20827
< 14.5.04.4
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the pictur
4.6 MEDIUM
CVE-2023-45630
<= 2.0.3
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery - Image and Video Gallery with Thumbnails plugin <= 2
6.5 MEDIUM
CVE-2023-30725
< 14.5.01.2
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provid
5.1 MEDIUM
CVE-2023-30724
< 14.5.01.2
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.
4.0 MEDIUM
CVE-2023-0765
< 4.7.0
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a Blind
8.8 HIGH
CVE-2023-0764
< 4.7.0
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a
5.4 MEDIUM
CVE-2022-1946
< 2.0.0
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an
6.1 MEDIUM
CVE-2021-25379
< 5.4.16.1
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
4.0 MEDIUM
CVE-2012-4919
all versions
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
9.8 CRITICAL
CVE-2017-2171
<= 4.4.9
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior
6.1 MEDIUM
CVE-2013-2241
<= 3.0.8
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and
CVE-2013-2240
all versions
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have a
CVE-2013-2138
<= 3.0.7
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, wh
CVE-2012-4343
<= 3.0.3
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.
CVE-2012-4342
<= 3.0.3
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web scrip
CVE-2012-2405
all versions
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors,
CVE-2012-1113
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 a
CVE-2010-4353
<= 2.2.6
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote aut
CVE-2008-5296
<= 1.5.9
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentica
CVE-2008-4130
<= 2.2.5
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTM
CVE-2008-4129
<= 2.2.5
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote a
CVE-2008-3662
<= 2.2.5
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cau
CVE-2008-3600
all versions
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled,
CVE-2008-2724
all versions
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might
CVE-2008-2723
<= 2.2.4
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing
CVE-2008-2722
<= 2.2.4
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
CVE-2008-2721
<= 2.2.4
Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of h
CVE-2008-2720
<= 2.2.4
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or
CVE-2007-6692
<= 2.2.3
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and c
CVE-2007-6691
<= 2.2.3
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in t
CVE-2007-6690
<= 2.2.3
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknow
CVE-2007-6689
<= 2.2.3
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to
CVE-2007-6688
<= 2.2.3
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors re
CVE-2007-6687
<= 2.2.3
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web
CVE-2007-6686
<= 2.2.3
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown v
CVE-2007-4650
<= 2.2.2
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item propert
CVE-2007-2076
all versions
PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code vi
CVE-2006-4030
<= 1.5.1_rc2
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive informa
CVE-2006-1696
all versions
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML vi
CVE-2006-1219
all versions
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary
CVE-2006-1128
all versions
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote atta
CVE-2006-1127
all versions
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML v
CVE-2006-1126
all versions
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP head
CVE-2006-0587
all versions
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modif
CVE-2006-0330
all versions
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML vi
CVE-2005-4023
all versions
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via un
CVE-2005-4021
all versions
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, wh
CVE-2005-3251
all versions
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary f
CVE-2005-2734
all versions
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script o
CVE-2005-2596
all versions
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
CVE-2005-0222
all versions
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter,
CVE-2005-0220
all versions
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTM
CVE-2005-0219
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or
CVE-2005-0221
all versions
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script
CVE-2004-1106
all versions
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script
CVE-2004-2124
all versions
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS var
CVE-2004-1466
all versions
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after the
CVE-2004-0522
all versions
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
CVE-2003-1428
all versions
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVE-2003-1227
all versions
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode o
CVE-2003-0614
all versions
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary we
CVE-2002-1412
<= 1.3.1
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLE
CVE-2002-2130
all versions
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parame
CVE-2002-2123
all versions
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP c
CVE-2001-1234
all versions
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin