CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.
Apptha Slider Gallery version 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.
Apptha Slider Gallery version 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
The WordPress Plugin PICA Photo Gallery version 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries via the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information, including user credentials and table contents.
The KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter.
The Wow Viral Signups plugin version 2.1 for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter.
The Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter.
The WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter.
The Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter.
Single Personal Message version 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements to extract sensitive database information.
The Simply Poll plugin version 1.4.1 for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. This issue could expose sensitive files such as log files.
Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations, re-enabling attack vectors originally addressed in TYPO3-CORE-SA-2018-003.
Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts.
Non-privileged backend users were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, leading to the processing of files with incorrect extensions. Maliciously crafted form definition files can be used to execute arbitrary SQL statements.
A vulnerability has been identified in SINEC INS (all versions < V1.0 SP2 Update 6) that uses a password hashing implementation with a static, hardcoded salt shared across all users and installations. The configuration with an insufficient number of iterations may allow an attacker to efficiently recover user passwords.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) that allows a local attacker to escalate privileges by bypassing file system permission checks.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) that does not properly sanitize user input in the /api/sftp/uploadFiles endpoint. This allows the injection of shell command payloads via crafted directory names.
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

