Vendor CVEs
Huge It
All CVEs
22 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000125 |  | Cri | 0.67 | 9.8 | 0.03 |  | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla |
| CVE-2016-1000124 |  | Cri | 0.67 | 9.8 | 0.03 |  | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 |
| CVE-2016-1000123 |  | Cri | 0.67 | 9.8 | 0.04 |  | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla |
| CVE-2016-1000113 |  | Cri | 0.64 | 9.8 | 0.03 |  | Oct 6, 2016 | XSS and SQLi in huge IT gallery v1.1.5 for Joomla |
| CVE-2026-22345 |  | Hig | 0.57 | 8.8 | 0.00 |  | Feb 20, 2026 | Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery:… |
| CVE-2025-49486 |  | Hig | 0.56 | — | 0.00 |  | Jul 18, 2025 | A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items. |
| CVE-2016-1000122 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 27, 2016 | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
| CVE-2016-1000120 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 27, 2016 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
| CVE-2016-1000119 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 21, 2016 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
| CVE-2016-1000118 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 21, 2016 | XSS & SQLi in HugeIT slideshow v1.0.4 |
| CVE-2016-1000117 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 21, 2016 | XSS & SQLi in HugeIT slideshow v1.0.4 |
| CVE-2016-1000116 |  | Hig | 0.47 | 7.2 | 0.02 |  | Oct 21, 2016 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
| CVE-2016-1000115 |  | Hig | 0.47 | 7.2 | 0.03 |  | Oct 21, 2016 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
| CVE-2016-1000114 |  | Med | 0.40 | 6.1 | 0.01 |  | Oct 6, 2016 | XSS in huge IT gallery v1.1.5 for Joomla |
| CVE-2025-26778 |  | Med | 0.38 | 5.9 | 0.00 |  | Feb 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery gallery allows Stored XSS. This issue affects Gallery: from n/a through <= 2.2.1. |
| CVE-2016-1000121 |  | Med | 0.31 | 4.8 | 0.01 |  | Oct 27, 2016 | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
| CVE-2014-7153 |  |  | 0.03 | — | 0.02 |  | Sep 22, 2014 | SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. |
| CVE-2025-20969 |  |  | 0.00 | — | 0.00 |  | May 7, 2025 | Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery. |
| CVE-2025-20968 |  |  | 0.00 | — | 0.00 |  | May 7, 2025 | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery. |
| CVE-2025-20967 |  |  | 0.00 | — | 0.00 |  | May 7, 2025 | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery. |
| CVE-2023-6077 |  |  | 0.00 | — | 0.01 |  | Dec 18, 2023 | The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft… |
| CVE-2002-1732 |  |  | 0.00 | — | 0.01 |  | Dec 31, 2002 | Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or… |