
5078 matches found

Snyk
added 2025/09/15 7:39 a.m. | 3 views

Embedded Malicious Code

Overview: @ctrl/ngx-csv is a package to easily generate a CSV download in the browser with Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts,...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 2
GithubExploit
added 2025/09/13 6:24 a.m. | 215 views

Exploit for CVE-2025-9776

CVE-2025-9776 — CatFolders WordPress Plugin: Authenticated SQL...

CVSS 6.5 | AI score 7.8 | EPSS 0.00347
Exploits: 2
RedhatCVE
added 2025/09/13 5:19 a.m. | 13 views

CVE-2025-9776

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | AI score 6.6 | EPSS 0.00347
Exploits: 2 | References: 1
CNVD
added 2025/09/12 12:0 a.m. | 2 views

WordPress Maspik plugin authorization issue vulnerability

WordPress Maspik plugin is an anti-spam plugin for WordPress that is mainly used to protect website contact forms, comment areas and signup forms from spam. WordPress Maspik plugin suffers from an authorization issue vulnerability that stems from a lack of capability check in the function...

CVSS 4.3 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/11 9:20 a.m. | 12 views

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.5 | EPSS 0.00214
Exploits: 0 | References: 1
NVD
added 2025/09/11 5:15 a.m. | 11 views

CVE-2025-9776

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | EPSS 0.00347
Exploits: 2 | References: 3
CVE
added 2025/09/11 4:26 a.m. | 29 views

CVE-2025-9776

CVE-2025-9776 – CatFolders WordPress plugin (versions

CVSS 6.5 | AI score 6.2 | EPSS 0.00347
Exploits: 2 | References: 3
Cvelist
added 2025/09/11 4:26 a.m. | 16 views

CVE-2025-9776 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | EPSS 0.00347
Exploits: 2 | References: 3
Positive Technologies
added 2025/09/11 12:0 a.m. | 10 views

PT-2025-37112

Name of the Vulnerable Software and Affected Versions: CatFolders – Tame Your WordPress Media Library by Category plugin versions prior to 2.5.3. Description: The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress contains a time-based SQL Injection issue via the CSV...

CVSS 6.5 | AI score 6.9 | EPSS 0.00347
Exploits: 2 | References: 6
Vulnrichment
added 2025/09/10 6:38 a.m. | 3 views

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 7.7 | AI score 4.7 | EPSS 0.00266
Exploits: 0 | References: 3
Cvelist
added 2025/09/10 6:38 a.m. | 9 views

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 7.7 | EPSS 0.00266
Exploits: 0 | References: 3
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-27756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. CVE-2024-27756 Note that Nessus relies on the...

CVSS 8.8 | AI score 5.6 | EPSS 0.00748
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-32472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and...

CVSS 4.3 | AI score 6.2 | EPSS 0.00743
Exploits: 0 | References: 2
Patchstack
added 2025/09/09 11:55 p.m. | 8 views

WordPress WP Import – Ultimate CSV XML Importer plugin <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ FTP/SFTP Credential Exposure vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions = 7.27...

CVSS 7.7 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2025/09/09 9:31 a.m. | 12 views

TYPO3 CSV download feature information disclosure

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2025/09/09 9:15 a.m. | 8 views

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | EPSS 0.00214
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/09 9:1 a.m. | 1 views

CVE-2025-59019 Information Disclosure via CSV Download

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1
CVE
added 2025/09/09 9:1 a.m. | 25 views

CVE-2025-59019

Missing authorization checks in TYPO3’s CSV download feature (CVE-2025-59019) allow backend users to disclose information from arbitrary database tables within their web mounts. Affected are TYPO3 CMS versions: 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. Root cause is an authorization ga...

CVSS 5.3 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 5 views

PT-2025-36695

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 11.0.0 through 11.5.47; TYPO3 CMS versions 12.0.0 through 12.4.36; TYPO3 CMS versions 13.0.0 through 13.4.17. Description: The CSV download feature lacks proper authorization checks. This allows backend users to disclose...

CVSS 5.3 | AI score 6 | EPSS 0.00214
Exploits: 0 | References: 9
NVD
added 2025/09/08 6:15 p.m. | 8 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

CVSS 9.8 | EPSS 0.00673
Exploits: 1 | References: 3