463 matches found
CVE-2020-25025
The l10nmgr aka Localization Manager extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure translatable fields...
FragFake: a Dataset for Fine-Grained Detection of Edited Images with Vision Language Models
Fine-grained edited image detection of localized edits in images is crucial for assessing content authenticity, especially given that modern diffusion models and image editing methods can produce highly realistic manipulations. However, this domain faces three challenges: (1) Binary classifiers yie...
Securing WiFi Fingerprint-Based Indoor Localization Systems from Malicious Access Points
WiFi fingerprint-based indoor localization schemes deliver highly accurate location data by matching the received signal strength indicator (RSSI) with an offline database using machine learning (ML) or deep learning (DL) models. However, over time, RSSI values degrade due to the malicious behavior of...
GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization
The rapid development of generative image models has brought tremendous opportunities to AI-generated content (AIGC) creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...
PYSEC-2025-35
Weblate is a web-based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
CVE-2025-30607
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS. This issue affects Quick Localization: from n/a through <= 0.1.0...
CVE-2025-30607 WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS. This issue affects Quick Localization: from n/a through <= 0.1.0...
CVE-2025-30607
CVE-2025-30607 is a reflected XSS in the WordPress plugin Quick Localization (aka Quick Localisation), affecting versions up to 0.1.0. Public details indicate improper input neutralization during web page generation leading to cross-site scripting, with CVSS 3.1 base score 7.1 (HIGH) and exploita...
WordPress plugin Quick Localization cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Localization versions <= 0.1.0...
Nav2 security vulnerability
Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2amcl process. The vulnerability is triggered by remotely sending a request to change the value of zrand in the dynamic...
CVE-2024-52297
Tolgee is an open-source localization platform. Tolgee 3.81.1 included all configuration properties in the PublicConfigurationDTO, which is publicly exposed to users. This vulnerability is fixed in v3.81.2...
CVE-2024-52297 Tolgee: all configuration properties leaked in public configuration DTO
Tolgee is an open-source localization platform. Tolgee 3.81.1 included all configuration properties in the PublicConfigurationDTO, which is publicly exposed to users. This vulnerability is fixed in v3.81.2...
CVE-2024-52297
Tolgee (open-source localization platform) vulnerability CVE-2024-52297: in version 3.81.1, all configuration properties were exposed publicly via PublicConfigurationDTO to users. Root cause: Public exposure of configuration data. Impact: high potential disclosure risk stated in sources; fixed in...
CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...
CVE-2024-49760
CVE-2024-49760 affects OpenRefine: in versions prior to 3.8.3 the load-language command does not verify the target directory, enabling a path traversal to read other JSON files on the file system. The issue is resolved in 3.8.3. Impact details and exploit information are stated in provided docume...
MAL-2024-7971 Malicious code in localization-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 825c642696ea5f30780f48b909d4ab3e393a8e64c037249e775b138a1d2ac838 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in localization-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 825c642696ea5f30780f48b909d4ab3e393a8e64c037249e775b138a1d2ac838 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...