Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 1 | 2 | 0 | 29.8% | MEDIUM |

Related CVEs

2
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25869 | MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure. | MEDIUM | 6.9 | | 39.0% | Feb 11, 2026 |
| CVE-2026-25868 | MiniGal Nano versions 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response. Successful exploitation can lead to execution of arbitrary script in a victim's browser in the context of the vulnerable application. | MEDIUM | 5.1 | | 20.5% | Feb 11, 2026 |