5071 matches found

Cvelist
added 2025/09/11 4:26 a.m. | 14 views

CVE-2025-9776 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | EPSS 0.00347
Exploits: 2 | References: 3

Positive Technologies
added 2025/09/11 12:0 a.m. | 8 views

PT-2025-37112

Name of the Vulnerable Software and Affected Versions: CatFolders – Tame Your WordPress Media Library by Category plugin versions prior to 2.5.3 Description: The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress contains a time-based SQL Injection issue via the CSV...

CVSS 6.5 | AI score 6.9 | EPSS 0.00347
Exploits: 2 | References: 6

Cvelist
added 2025/09/10 6:38 a.m. | 8 views

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 7.7 | EPSS 0.00266
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/10 6:38 a.m. | 2 views

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 7.7 | AI score 4.7 | EPSS 0.00266
Exploits: 0 | References: 3

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-27756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. CVE-2024-27756 Note that Nessus relies on the...

CVSS 8.8 | AI score 5.6 | EPSS 0.00748
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-32472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and...

CVSS 4.3 | AI score 6.2 | EPSS 0.00743
Exploits: 0 | References: 2

Patchstack
added 2025/09/09 11:55 p.m. | 6 views

WordPress WP Import – Ultimate CSV XML Importer plugin <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ FTP/SFTP Credential Exposure vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions = 7.27...

CVSS 7.7 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2025/09/09 9:31 a.m. | 9 views

TYPO3 CSV download feature information disclosure

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2025/09/09 9:15 a.m. | 7 views

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | EPSS 0.00214
Exploits: 0 | References: 1

CVE
added 2025/09/09 9:1 a.m. | 24 views

CVE-2025-59019

Missing authorization checks in TYPO3’s CSV download feature (CVE-2025-59019) allows backend users to disclose information from arbitrary database tables within their web mounts. Affected are TYPO3 CMS versions: 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. Root cause is an authorization ga...

CVSS 5.3 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/09/09 9:1 a.m. | 1 views

CVE-2025-59019 Information Disclosure via CSV Download

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/09 12:0 a.m. | 3 views

PT-2025-36695

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The CSV download feature lacks proper authorization checks. This allows backend users to disclose...

CVSS 5.3 | AI score 6 | EPSS 0.00214
Exploits: 0 | References: 9

OSV
added 2025/09/08 6:15 p.m. | 2 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

CVSS 9.8 | AI score 6.2 | EPSS 0.00673
Exploits: 1 | References: 3

NVD
added 2025/09/08 6:15 p.m. | 4 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

CVSS 9.8 | EPSS 0.00673
Exploits: 1 | References: 3

CVE
added 2025/09/08 12:0 a.m. | 14 views

CVE-2025-56267

CVE-2025-56267 affects Avigilon ACM v7.10.0.20, in the /id_profiles API, where CSV injection via a crafted Excel file can lead to arbitrary code execution. The vulnerability is documented across multiple feeds (NVD, Red Hat, CNNVD, etc.) with a CVSS v3.1 base score of 9.8 (CRITICAL), network-expo...

CVSS 9.8 | AI score 7.6 | EPSS 0.00673
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/09/07 2:32 p.m. | 2 views

CVE-2025-58855

Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V Artprima AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS. This issue affects AP HoneyPot WordPress Plugin: from n/a through = 1.4...

CVSS 7.1 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 1

Fedora
added 2025/09/07 1:13 a.m. | 10 views

[SECURITY] Fedora 41 Update: yq-4.47.1-2.fc41

Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...

CVSS 6.5 | AI score 7 | EPSS 0.0045
Exploits: 2

Fedora
added 2025/09/07 12:52 a.m. | 5 views

[SECURITY] Fedora 42 Update: yq-4.47.1-2.fc42

Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...

CVSS 6.5 | AI score 7 | EPSS 0.0045
Exploits: 0

Gitee
added 2025/09/06 12:58 a.m. | 100 views

Exploit for CVE-2021-34527

A PrintNightmare CVE-2021-34527 Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE not the LPE and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, it does not actually...

CVSS 9 | AI score 9.3 | EPSS 0.99759
Exploits: 41

OSV
added 2025/09/05 5:10 p.m. | 1 views

MAL-2025-43893 Malicious code in cordelia-csv-nightmare-exosphere (npm)

The package cordelia-csv-nightmare-exosphere was found to contain malicious code...

AI score 7
Exploits: 0