VYPR

Vendor CVEs

Huge It

All CVEs

22 total · sorted by risk
  • CVE-2016-1000125 · Critical · Oct 6, 2016
    risk 0.67 · cvss 9.8 · epss 0.03

    Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

  • CVE-2016-1000124 · Critical · Oct 6, 2016
    risk 0.67 · cvss 9.8 · epss 0.03

    Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

  • CVE-2016-1000123 · Critical · Oct 6, 2016
    risk 0.67 · cvss 9.8 · epss 0.04

    Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

  • CVE-2016-1000113 · Critical · Oct 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    XSS and SQLi in huge IT gallery v1.1.5 for Joomla

  • CVE-2026-22345 · High · Feb 20, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery:…

  • CVE-2025-49486 · High · Jul 18, 2025
    risk 0.56 · cvss n/a · epss 0.00

    A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.

  • CVE-2016-1000122 · High · Oct 27, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

  • CVE-2016-1000120 · High · Oct 27, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

  • CVE-2016-1000119 · High · Oct 21, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

  • CVE-2016-1000118 · High · Oct 21, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    XSS & SQLi in HugeIT slideshow v1.0.4

  • CVE-2016-1000117 · High · Oct 21, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    XSS & SQLi in HugeIT slideshow v1.0.4

  • CVE-2016-1000116 · High · Oct 21, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

  • CVE-2016-1000115 · High · Oct 21, 2016
    risk 0.47 · cvss 7.2 · epss 0.03

    Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

  • CVE-2016-1000114 · Medium · Oct 6, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS in huge IT gallery v1.1.5 for Joomla

  • CVE-2025-26778 · Medium · Feb 17, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery gallery allows Stored XSS. This issue affects Gallery: from n/a through <= 2.2.1.

  • CVE-2016-1000121 · Medium · Oct 27, 2016
    risk 0.31 · cvss 4.8 · epss 0.01

    XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

  • CVE-2014-7153 · Sep 22, 2014
    risk 0.03 · cvss n/a · epss 0.02

    SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.

  • CVE-2025-20969 · May 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.

  • CVE-2025-20968 · May 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.

  • CVE-2025-20967 · May 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary files with the privilege of Samsung Gallery.

  • CVE-2023-6077 · Dec 18, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts such as private, draft…

  • CVE-2002-1732 · Dec 31, 2002
    risk 0.00 · cvss n/a · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or…