463 matches found
Malicious code in contentful-app-entry-localization-matrix (npm)
The package contentful-app-entry-localization-matrix was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2021-23176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote...
MalLoc: toward Fine-Grained Android Malicious Payload Localization Via LLMs
The rapid evolution of Android malware poses significant challenges to the maintenance and security of mobile applications (apps). Traditional detection techniques often struggle to keep pace with emerging malware variants that employ advanced tactics such as code obfuscation and dynamic behavior...
Akaunting Security Vulnerability
Akaunting is an application from Akaunting providing all the tools needed to manage funds online. A security vulnerability exists in Akaunting version v3.1.18, which stems from an issue in the /settings/localization component and could lead to a denial of service attack...
Malicious code in l10n-mgr (npm)
The package l10n-mgr was found to contain malicious code...
MAL-2025-21353 Malicious code in geoport-i18n (npm)
The package geoport-i18n was found to contain malicious code...
Malicious code in mozilla-l10n-docs-linter (npm)
Source: ghsa-malware (d878786926dde4c1aa2b65c2241ee43a14fbd2a46d890e608e4374ef405ff359). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LENS-DF: Deepfake Detection and Temporal Localization for Long-Form Noisy Speech
This study introduces LENS-DF, a novel and comprehensive recipe for training and evaluating audio deepfake detection and temporal localization under complicated and realistic audio conditions. The generation part of the recipe outputs audios from the input dataset with several critical...
CVE-2025-49134
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...
Graph Neural Networks for Jamming Source Localization
Graph-based learning provides a powerful framework for modeling complex relational structures; however, its application within the domain of wireless security remains significantly underexplored. In this work, we introduce the first application of graph-based learning for jamming source...
SUSE CVE-2025-47951
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-47951
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-49134 Weblate exposes personal IP address via e-mail
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...
Co-PatcheR: Collaborative Software Patching with Component(S)-Specific Small Reasoning Models
Motivated by the success of general-purpose large language models (LLMs) in software patching, recent works started to train specialized patching models. Most works trained one model to handle the end-to-end patching pipeline including issue localization, patch generation, and patch validation...
CVE-2024-32466
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...
CVE-2023-44471
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions...
CVE-2023-38510
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...
Sec5GLoc: Securing 5G Indoor Localization Via Adversary-Resilient Deep Learning Architecture
Emerging 5G millimeter-wave and sub-6 GHz networks enable high-accuracy indoor localization, but security and privacy vulnerabilities pose serious challenges. In this paper, we identify and address threats including location spoofing and adversarial signal manipulation against 5G-based indoor...
CVE-2021-2259
Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...