20 matches found
CVE-2025-57919
Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection. This issue affects ConveyThis: from n/a through = 269.1...
CVE-2025-57919
CVE-2025-57919 is a deserialization / PHP Object Injection vulnerability in Translate WordPress with ConveyThis (WordPress ConveyThis Language Translate Widget), affecting the ConveyThis translation widget up to version 266. The CIRCL sighting confirms an authenticated (Administrator+) PHP Object ...
Missing Authorization
Overview: goalgorilla/opensocial is a distribution for building social communities and intranets. Affected versions of this package are vulnerable to Missing Authorization due to a site administration configuration that does not correctly check access when trying to translate allowing unauthorised...
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishi...
AI and the 2024 Elections
It's been the biggest year for elections in human history: 2024 is a "super-cycle" year in which 3.7 billion eligible voters in 72 countries had the chance to go to the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation...
Cross-Site Request Forgery (CSRF)
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin's quick language...
CVE-2023-1870 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language...
YourChannel < 1.2.5 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins reset and change the plugin's quick language translation, general and channel settings via CSRF attacks...
[SECURITY] Fedora 35 Update: golang-github-nicksnyder-i18n-2-2.1.2-5.fc35
go-i18n is a Go package and a command that helps you translate Go programs into multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository (CLDR). - Code and tests are automatically generated from CLDR data. - Supports strings with named...
DLL Hijacking Vulnerability in Netease Youdao Dictionary PC Version (CNVD-2021-05433)
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology, produced by NetEase Youdao. NetEase Youdao Dictionary PC terminal DLL hijacking vulnerability. There is a DLL hijacking vulnerability in Netease Youdao Dictionary PC, which can ...
Security Bulletin: Weakness in generated service credentials affects multiple Watson Developer Cloud services (CVE-2016-0391)
Summary: A weakness in generated service credentials that affects multiple Watson Developer Cloud services offered through IBM Bluemix has been identified and fixed. Replacement of previously generated credentials is recommended. Vulnerability Details: CVEID: CVE-2016-0391 DESCRIPTION: Multiple Watson...
CVE-2017-16008
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2...
CVE-2017-16008
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2...
CVE-2017-16008
CVE-2017-16008 affects the i18next translation framework. The vulnerability arises from how interpolation replaces dictionary keys one at a time, allowing untrusted input to inject script via key names in versions ≤ 1.10.2. Multiple sources (OSV, CNVD, NVD cross-reference) document this XSS flaw ...
CVE-2017-16010
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but i...
CVE-2017-16010
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but i...
CVE-2017-16010
CVE-2017-16010: In i18next, if you call init with interpolation options and do not set escapeValue, the value defaults to undefined, causing user input to be unescaped and enabling cross-site scripting. Affected: i18next 2.0.0 and later. Exploitation details and proof-of-concept are described in...
CVE-2017-16010
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but i...
openSUSE Security Update : translate-toolkit (openSUSE-2018-130)
This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed: - Prevent inclusion of external resources (XXE) (boo#1073535) These non-security issues were fixed: - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable...
MS15-047: Description of the security update for SharePoint Server 2010: May 12, 2015
MS15-047: Description of the security update for SharePoint Server 2010: May 12, 2015 Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially...