26 matches found

vulnersOsv
added 2026/04/22 8:28 p.m., 7 views

@aedwards/ohif-viewer (>=5.0.1 <=5.0.14), @bitrefill/airfill-widget (>=3.6.0 <=4.1.7) +55 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=0.0.1 <=9.0.1)

i18next-locize-backend NPM version =0.0.1, =5.0.1, =3.6.0, =1.7.5, =1.0.5, =9.14.0, =1.0.0, =1.0.1, =0.8.1, =0.8.1, =1.0.0, =1.0.0, =0.0.11, =0.53.0-14, =0.53.3 and more Source cves: CVE-2026-41885 Source advisory: OSV:GHSA-MGCP-MFP8-3Q45...

CVSS 6.5, AI score 5.8, EPSS 0.00224
Exploits: 0

vulnersOsv
added 2026/04/22 8:28 p.m., 9 views

locizer (>=5.0.0 <=5.0.1), locizify (>=9.0.0 <=9.0.9) +1 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=9.0.0 <=9.0.1)

i18next-locize-backend NPM version =9.0.0, =5.0.0, =9.0.0, =2.0.0, =2.0.6 Source cves: CVE-2026-41885 Source advisory: SNYK:JS-I18NEXTLOCIZEBACKEND-16415530...

CVSS 6.5, AI score 5.8, EPSS 0.00224
Exploits: 0

Snyk
added 2026/04/22 8:28 p.m., 5 views

Directory Traversal

Overview: i18next-locize-backend is a backend layer for i18next to use locize service which can be used in node.js, in the browser and for deno. Affected versions of this package are vulnerable to Directory Traversal via the lng, ns, projectId, or version parameters,...

CVSS 6.9, AI score 6.3, EPSS 0.00224
Exploits: 0, References: 4

Github Security Blog
added 2026/04/22 8:28 p.m., 10 views

i18next-locize-backend has URL Injection via Unsanitized Path Parameters

Summary: Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...

CVSS 6.5, AI score 5.7, EPSS 0.00224
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2026/04/22 12:0 a.m., 10 views

PT-2026-37156

Name of the Vulnerable Software and Affected Versions: locize versions prior to 4.0.21. Description: The locize client SDK registers a window.addEventListener("message", …) handler that dispatches to internal handlers such as editKey, commitKey, commitKeys, isLocizeEnabled, and requestInitialize witho...

CVSS 7.5, AI score 5.8, EPSS 0.00101
Exploits: 0, References: 7

Positive Technologies
added 2026/04/22 12:0 a.m., 13 views

PT-2026-37155

Name of the Vulnerable Software and Affected Versions: i18next-locize-backend versions prior to 9.0.2. Description: The software interpolates lng, ns, projectId, and version directly into configured URL templates such as 'loadPath', 'privatePath', 'addPath', 'updatePath', and 'getLanguagesPath'...

CVSS 6.5, AI score 5.8, EPSS 0.00224
Exploits: 0, References: 6