Wasiliy Strecker Contestgallery Developer Contest Gallery vulnerabilities

13 known vulnerabilities affecting wasiliy_strecker/contestgallery_developer_contest_gallery.

Total CVEs: 13
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 6, UNKNOWN 1

Vulnerabilities

CVE-2026-25035 | CRITICAL | CVSS 9.8 | ≥ n/a, ≤ 28.1.2.2 | 2026-03-25
CWE-288: Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse. This issue affects Contest Gallery: from n/a through <= 28.1.2.2.
Sources: cvelistv5, nvd
CVE-2026-24964 | MEDIUM | CVSS 6.4 | ≥ n/a, ≤ 28.1.2.1 | 2026-03-25
CWE-918: Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.1.2.1.
Sources: cvelistv5, nvd
CVE-2026-24965 | MEDIUM | CVSS 4.3 | ≤ 28.1.1 | 2026-02-03
CWE-862: Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contest Gallery: from n/a through <= 28.1.1.
Sources: cvelistv5, nvd
CVE-2025-62950 | MEDIUM | CVSS 4.3 | ≤ 28.0.0 | 2025-11-06
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0.
Sources: cvelistv5, nvd
CVE-2025-48291 | UNKNOWN | ≤ 26.0.6 | 2025-07-16
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through <= 26.0.6.
Sources: cvelistv5, nvd
CVE-2025-22693 | HIGH | CVSS 7.2 | ≤ 25.1.0 | 2025-02-03
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through <= 25.1.0.
Sources: cvelistv5, nvd
CVE-2024-56237 | MEDIUM | CVSS 4.8 | ≤ 24.0.3 | 2025-01-02
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through <= 24.0.3.
Sources: cvelistv5, nvd
CVE-2024-43283 | HIGH | CVSS 7.5 | PoC | ≤ 23.1.2 | 2024-08-26
CWE-201: Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 23.1.2.
Sources: cvelistv5, nvd
CVE-2024-39631 | MEDIUM | CVSS 6.1 | ≤ 23.1.2 | 2024-08-01
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 23.1.2.
Sources: cvelistv5, nvd
CVE-2024-32778 | HIGH | CVSS 8.1 | ≤ 21.3.4 | 2024-06-09
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 21.3.4.
Sources: cvelistv5, nvd
CVE-2024-30428 | MEDIUM | CVSS 6.1 | ≤ 24.0.3 | 2024-03-29
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Reflected XSS. This issue affects Contest Gallery: from n/a through <= 24.0.3.
Sources: cvelistv5, nvd
CVE-2024-30236 | CRITICAL | CVSS 9.9 | ≤ 21.3.4 | 2024-03-28
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 21.3.4.
Sources: cvelistv5, nvd
CVE-2024-30238 | HIGH | CVSS 8.8 | ≤ 21.3.2 | 2024-03-27
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 21.3.2.
Sources: cvelistv5, nvd